CVE-2019-18197

Опубликовано: 18 окт. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Отчет

Red Hat OpenStack consumes fixes from the base Red Hat Enterprise Linux Operating System. Therefore the libxslt package provided by Red Hat OpenStack has been marked as 'will not fix'.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libxslt	Out of support scope
Red Hat Enterprise Linux 6	libxslt	Out of support scope
Red Hat OpenStack Platform 10 (Newton)	libxslt	Will not fix
Red Hat OpenStack Platform 13 (Queens)	libxslt	Will not fix
Red Hat OpenStack Platform 14 (Rocky)	libxslt	Will not fix
Red Hat Storage 3	libxslt	Affected
Red Hat Enterprise Linux 6 Supplementary	chromium-browser	Fixed	RHSA-2020:0514	17.02.2020
Red Hat Enterprise Linux 7	libxslt	Fixed	RHSA-2020:4005	29.09.2020
Red Hat Enterprise Linux 8	libxslt	Fixed	RHSA-2020:4464	04.11.2020
Red Hat Enterprise Linux 8	libxslt	Fixed	RHSA-2020:4464	04.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1770768libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure

EPSS

Процентиль: 81%

0.0154

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-18197

CVSS3: 7.5

ubuntu

почти 6 лет назад

CVE-2019-18197

CVSS3: 7.5

nvd

почти 6 лет назад

CVE-2019-18197

CVSS3: 7.5

debian

почти 6 лет назад

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable i ...

SUSE-SU-2020:0920-2

suse-cvrf

почти 5 лет назад

Security update for libxslt

SUSE-SU-2020:0920-1

suse-cvrf

больше 5 лет назад

Security update for libxslt

EPSS

Процентиль: 81%

0.0154

Низкий

7.5 High

CVSS3