ID CVE-2019-18197
Summary In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
    cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1770768
    title CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment libxslt is earlier than 0:1.1.28-6.el7
            oval oval:com.redhat.rhsa:tst:20204005001
          • comment libxslt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121265009
        • AND
          • comment libxslt-devel is earlier than 0:1.1.28-6.el7
            oval oval:com.redhat.rhsa:tst:20204005003
          • comment libxslt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121265011
        • AND
          • comment libxslt-python is earlier than 0:1.1.28-6.el7
            oval oval:com.redhat.rhsa:tst:20204005005
          • comment libxslt-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121265013
    rhsa
    id RHSA-2020:4005
    released 2020-09-29
    severity Moderate
    title RHSA-2020:4005: libxslt security update (Moderate)
  • bugzilla
    id 1770768
    title CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment libxslt is earlier than 0:1.1.32-5.el8
            oval oval:com.redhat.rhsa:tst:20204464001
          • comment libxslt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121265009
        • AND
          • comment libxslt-debugsource is earlier than 0:1.1.32-5.el8
            oval oval:com.redhat.rhsa:tst:20204464003
          • comment libxslt-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20201766114
        • AND
          • comment libxslt-devel is earlier than 0:1.1.32-5.el8
            oval oval:com.redhat.rhsa:tst:20204464005
          • comment libxslt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121265011
    rhsa
    id RHSA-2020:4464
    released 2020-11-04
    severity Moderate
    title RHSA-2020:4464: libxslt security update (Moderate)
  • rhsa
    id RHSA-2020:0514
rpms
  • chromium-browser-0:80.0.3987.87-1.el6_10
  • chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10
  • libxslt-0:1.1.28-6.el7
  • libxslt-debuginfo-0:1.1.28-6.el7
  • libxslt-devel-0:1.1.28-6.el7
  • libxslt-python-0:1.1.28-6.el7
  • libxslt-0:1.1.32-5.el8
  • libxslt-debugsource-0:1.1.32-5.el8
  • libxslt-devel-0:1.1.32-5.el8
refmap via4
confirm
misc
mlist
  • [debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update
  • [oss-security] 20191117 Nokogiri security update v1.10.5
suse
  • openSUSE-SU-2020:0189
  • openSUSE-SU-2020:0210
  • openSUSE-SU-2020:0233
  • openSUSE-SU-2020:0731
ubuntu USN-4164-1
Last major update 24-08-2020 - 17:37
Published 18-10-2019 - 21:15
Last modified 24-08-2020 - 17:37
Back to Top