CVE-2019-18197

moderate-risk
Published 2019-10-18

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Do I need to act?

~
4.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (8)

Libxslt

Affected Vendors

Debian Xmlsoft Canonical

References (30)

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
Mailing List http://www.openwall.com/lists/oss-security/2019/11/17/2
https://access.redhat.com/errata/RHSA-2020:0514
Issue Tracking https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
Issue Tracking https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
Issue Tracking https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
Patch https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6...
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20191031-0004/
https://security.netapp.com/advisory/ntap-20200416-0004/
Third Party Advisory https://usn.ubuntu.com/4164-1/
https://www.oracle.com/security-alerts/cpuapr2020.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
Mailing List http://www.openwall.com/lists/oss-security/2019/11/17/2
and 10 more references
44
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 8/34 · Low
Exposure 14/34 · Moderate