CVE-2019-18197

Current Description

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Basic Data

Published	October 18, 2019
Last Modified	May 29, 2020
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-416
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	HIGH
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	5.1
Severity	MEDIUM
Exploitability Score	4.9
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

AND

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	Application	Xmlsoft	Libxslt	1.1.33	*	*	*	*	*	*	*

OR Running on/with:

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	OS	Linux	Linux Kernel	-	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Canonical	Ubuntu Linux	12.04	*	*	*	esm	*	*	*
2.3	OS	Canonical	Ubuntu Linux	14.04	*	*	*	esm	*	*	*
2.3	OS	Canonical	Ubuntu Linux	16.04	*	*	*	lts	*	*	*
2.3	OS	Canonical	Ubuntu Linux	18.04	*	*	*	lts	*	*	*
2.3	OS	Canonical	Ubuntu Linux	19.04	*	*	*	*	*	*	*
2.3	OS	Canonical	Ubuntu Linux	19.10	*	*	*	*	*	*	*
2.3	OS	Debian	Debian Linux	8.0	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Xmlsoft	Libxslt	1.1.33
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04, 14.04, 16.04, 18.04, 19.04, 19.10

References

Name	Source	URL	Tags
openSUSE-SU-2020:0189	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html	SUSE
openSUSE-SU-2020:0210	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html	SUSE
openSUSE-SU-2020:0233	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html	SUSE
openSUSE-SU-2020:0731	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html	SUSE
[oss-security] 20191117 Nokogiri security update v1.10.5	http://www.openwall.com/lists/oss-security/2019/11/17/2	MLIST	Mailing List Third Party Advisory
RHSA-2020:0514	https://access.redhat.com/errata/RHSA-2020:0514	REDHAT
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746	MISC	Issue Tracking Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768	MISC	Issue Tracking Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914	MISC	Issue Tracking Third Party Advisory
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285	https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285	MISC	Patch Third Party Advisory
[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update	https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html	MLIST	Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0004/	https://security.netapp.com/advisory/ntap-20191031-0004/	CONFIRM	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200416-0004/	https://security.netapp.com/advisory/ntap-20200416-0004/	CONFIRM
USN-4164-1	https://usn.ubuntu.com/4164-1/	UBUNTU	Third Party Advisory
N/A	https://www.oracle.com/security-alerts/cpuapr2020.html	N/A