GoogleOSV:GHSA-CF46-6XXH-PC75libxslt Type Confusion vulnerability that affects Nokogiri
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
67.3%
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Nokogiri prior to version 1.10.5 used a vulnerable version of libxslt. Nokogiri 1.10.5 updated libxslt to version 1.1.34 to address this and other vulnerabilities in libxslt.
References
lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
seclists.org/fulldisclosure/2019/Aug/11
seclists.org/fulldisclosure/2019/Aug/13
seclists.org/fulldisclosure/2019/Aug/14
seclists.org/fulldisclosure/2019/Aug/15
seclists.org/fulldisclosure/2019/Jul/22
seclists.org/fulldisclosure/2019/Jul/23
seclists.org/fulldisclosure/2019/Jul/24
seclists.org/fulldisclosure/2019/Jul/26
seclists.org/fulldisclosure/2019/Jul/31
seclists.org/fulldisclosure/2019/Jul/37
seclists.org/fulldisclosure/2019/Jul/38
www.openwall.com/lists/oss-security/2019/11/17/2
bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
github.com/sparklemotion/nokogiri/issues/1943
github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
lists.debian.org/debian-lts-announce/2019/07/msg00020.html
lists.fedoraproject.org/archives/list/[email protected]/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
nvd.nist.gov/vuln/detail/CVE-2019-13118
oss-fuzz.com/testcase-detail/5197371471822848
seclists.org/bugtraq/2019/Aug/21
seclists.org/bugtraq/2019/Aug/22
seclists.org/bugtraq/2019/Aug/23
seclists.org/bugtraq/2019/Aug/25
seclists.org/bugtraq/2019/Jul/35
seclists.org/bugtraq/2019/Jul/36
seclists.org/bugtraq/2019/Jul/37
seclists.org/bugtraq/2019/Jul/40
seclists.org/bugtraq/2019/Jul/41
seclists.org/bugtraq/2019/Jul/42
security.netapp.com/advisory/ntap-20190806-0004
security.netapp.com/advisory/ntap-20200122-0003
support.apple.com/kb/HT210346
support.apple.com/kb/HT210348
support.apple.com/kb/HT210351
support.apple.com/kb/HT210353
support.apple.com/kb/HT210356
support.apple.com/kb/HT210357
support.apple.com/kb/HT210358
usn.ubuntu.com/4164-1
www.oracle.com/security-alerts/cpujan2020.html
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
67.3%