Lucene search
Symantec Security ResponseSMNTC-109323HistoryJun 30, 2019 - 12:00 a.m.
libxslt CVE-2019-13118 Stack Buffer Overflow Vulnerability
2019-06-3000:00:00
Symantec Security Response
www.symantec.com
21
Description
libxslt is prone to a stack-based buffer-overflow vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected.
Technologies Affected
- Apple TV
- Apple Watch
- Apple iOS 10
- Apple iOS 10.0.1
- Apple iOS 10.1
- Apple iOS 10.2
- Apple iOS 10.2.1
- Apple iOS 10.3
- Apple iOS 10.3.1
- Apple iOS 10.3.2
- Apple iOS 10.3.3
- Apple iOS 11
- Apple iOS 11.1
- Apple iOS 11.2
- Apple iOS 11.2.1
- Apple iOS 11.2.2
- Apple iOS 11.2.5
- Apple iOS 11.2.6
- Apple iOS 11.3
- Apple iOS 11.3.1
- Apple iOS 11.4
- Apple iOS 11.4.1
- Apple iOS 12
- Apple iOS 12.0.1
- Apple iOS 12.1
- Apple iOS 12.1.1
- Apple iOS 12.1.3
- Apple iOS 12.1.4
- Apple iOS 12.2
- Apple iOS 12.3
- Apple iOS 2.0
- Apple iOS 2.1
- Apple iOS 3
- Apple iOS 3.0
- Apple iOS 3.1
- Apple iOS 3.2
- Apple iOS 3.2.1
- Apple iOS 3.2.2
- Apple iOS 4
- Apple iOS 4
- Apple iOS 4.0.1
- Apple iOS 4.0.2
- Apple iOS 4.1
- Apple iOS 4.2
- Apple iOS 4.2.1
- Apple iOS 4.2.10
- Apple iOS 4.2.5
- Apple iOS 4.2.6
- Apple iOS 4.2.7
- Apple iOS 4.2.8
- Apple iOS 4.2.9
- Apple iOS 4.3
- Apple iOS 4.3.1
- Apple iOS 4.3.2
- Apple iOS 4.3.3
- Apple iOS 4.3.4
- Apple iOS 4.3.5
- Apple iOS 5
- Apple iOS 5
- Apple iOS 5.0.1
- Apple iOS 5.1
- Apple iOS 5.1.1
- Apple iOS 6
- Apple iOS 6.0.1
- Apple iOS 6.0.2
- Apple iOS 6.1
- Apple iOS 6.1.3
- Apple iOS 6.1.4
- Apple iOS 6.1.6
- Apple iOS 6.3.1
- Apple iOS 7
- Apple iOS 7.0.1
- Apple iOS 7.0.2
- Apple iOS 7.0.3
- Apple iOS 7.0.4
- Apple iOS 7.0.5
- Apple iOS 7.0.6
- Apple iOS 7.1
- Apple iOS 7.1.1
- Apple iOS 7.1.2
- Apple iOS 7.2.0
- Apple iOS 8
- Apple iOS 8.1
- Apple iOS 8.1.1
- Apple iOS 8.1.2
- Apple iOS 8.1.3
- Apple iOS 8.2
- Apple iOS 8.3
- Apple iOS 8.4
- Apple iOS 8.4.1
- Apple iOS 9
- Apple iOS 9.0.1
- Apple iOS 9.0.2
- Apple iOS 9.1
- Apple iOS 9.2
- Apple iOS 9.2.1
- Apple iOS 9.3
- Apple iOS 9.3.1
- Apple iOS 9.3.2
- Apple iOS 9.3.3
- Apple iOS 9.3.4
- Apple iOS 9.3.5
- Apple iPad Air
- Apple iPhone 5s
- Apple iPod Touch
- Apple macOS 10.12
- Apple macOS 10.12.1
- Apple macOS 10.12.2
- Apple macOS 10.12.3
- Apple macOS 10.12.4
- Apple macOS 10.12.5
- Apple macOS 10.12.6
- Apple macOS 10.13
- Apple macOS 10.13.1
- Apple macOS 10.13.2
- Apple macOS 10.13.3
- Apple macOS 10.13.4
- Apple macOS 10.13.5
- Apple macOS 10.13.6
- Apple macOS 10.14
- Apple macOS 10.14.1
- Apple macOS 10.14.2
- Apple macOS 10.14.3
- Apple macOS 10.14.4
- Apple macOS 10.14.5
- Apple tvOS 10
- Apple tvOS 10.0.1
- Apple tvOS 10.1
- Apple tvOS 10.1.1
- Apple tvOS 10.2
- Apple tvOS 10.2.1
- Apple tvOS 10.2.2
- Apple tvOS 11
- Apple tvOS 11.1
- Apple tvOS 11.2
- Apple tvOS 11.2.1
- Apple tvOS 11.2.5
- Apple tvOS 11.2.6
- Apple tvOS 11.4
- Apple tvOS 11.4.1
- Apple tvOS 12
- Apple tvOS 12.1.1
- Apple tvOS 12.1.2
- Apple tvOS 12.2.1
- Apple tvOS 12.3
- Apple tvOS 9.0
- Apple tvOS 9.1
- Apple tvOS 9.1.1
- Apple tvOS 9.2
- Apple tvOS 9.2.1
- Apple tvOS 9.2.2
- Apple watchOS 1.0
- Apple watchOS 1.0.1
- Apple watchOS 10.1.1
- Apple watchOS 2.0
- Apple watchOS 2.0.1
- Apple watchOS 2.1
- Apple watchOS 2.2
- Apple watchOS 2.2.1
- Apple watchOS 2.2.2
- Apple watchOS 3
- Apple watchOS 3.0
- Apple watchOS 3.1
- Apple watchOS 3.1.1
- Apple watchOS 3.1.3
- Apple watchOS 3.2
- Apple watchOS 3.2.1
- Apple watchOS 3.2.2
- Apple watchOS 3.2.3
- Apple watchOS 4
- Apple watchOS 4.1
- Apple watchOS 4.2
- Apple watchOS 4.2.2
- Apple watchOS 4.2.3
- Apple watchOS 4.3
- Apple watchOS 4.3.1
- Apple watchOS 4.3.2
- Apple watchOS 5
- Apple watchOS 5.1.2
- Apple watchOS 5.1.3
- Apple watchOS 5.2.1
- Oracle JDK(Linux Production Release) 1.8.0 Update 241
- Oracle JDK(Solaris Production Release) 1.8.0 Update 241
- Oracle JDK(Windows Production Release) 1.8.0 Update 241
- Oracle JRE(Linux Production Release) 1.8.0 Update 241
- Oracle JRE(Solaris Production Release) 1.8.0 Update 241
- Oracle JRE(Windows Production Release) 1.8.0 Update 241
- XMLSoft libxslt 1.1.33
Recommendations
Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Updates are available. Please see the references or vendor advisory for more information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple watchos | eq | 4 | |
| apple ios | eq | 7.0.6 | |
| apple tvos | eq | 12.3 | |
| apple watchos | eq | 3.1 | |
| apple ios | eq | 9.3.2 | |
| apple ios | eq | 5 | |
| apple ios | eq | 5 | |
| apple macos | eq | 10.14.3 | |
| apple ios | eq | 8.1.1 | |
| apple ios | eq | 8.1.3 |
References
Related
cve
cve
CVE-2019-13118
2019-07-01 02:15:00
debiancve
debiancve
CVE-2019-13118
2019-07-01 02:15:00
github
github
libxslt Type Confusion vulnerability that affects Nokogiri
2022-05-24 16:49:07
ubuntucve
ubuntucve
CVE-2019-13118
2019-07-01 00:00:00
osv
osv
libxslt Type Confusion vulnerability that affects Nokogiri
2022-05-24 16:49:07
CVE-2019-13118
2019-07-01 02:15:09
libxslt - security update
2019-07-22 00:00:00
alpinelinux
alpinelinux
CVE-2019-13118
2019-07-01 02:15:00
prion
prion
Design/Logic Flaw
2019-07-01 02:15:00
redhatcve
redhatcve
CVE-2019-13118
2019-07-10 07:22:13
nessus
nessus
Photon OS 1.0: Libxslt PHSA-2019-1.0-0246
2019-08-26 00:00:00
SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1)
2019-07-19 00:00:00
EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017)
2020-01-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1017)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1913)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1867-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: libxslt-1.1.34-1.fc30
2020-03-26 09:48:01
[SECURITY] Fedora 31 Update: libxslt-1.1.33-4.fc31
2019-10-29 01:28:27
[SECURITY] Fedora 31 Update: libxslt-1.1.34-1.fc31
2020-03-18 02:23:20
suse
suse
Security update for libxslt (moderate)
2020-05-29 00:00:00
cloudfoundry
cloudfoundry
USN-4164-1: Libxslt vulnerabilities | Cloud Foundry
2019-11-06 00:00:00
f5
f5
ubuntu
ubuntu
Libxslt vulnerabilities
2019-10-22 00:00:00
mageia
mageia
Updated libxslt packages fix security vulnerabilities
2019-11-02 19:54:34
rubygems
rubygems
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
2019-10-30 21:00:00
debian
debian
[SECURITY] [DLA 1860-1] libxslt security update
2019-07-22 16:16:47
photon
photon
amazon
amazon
Important: java-11-amazon-corretto
2020-01-14 23:07:00
kaspersky
kaspersky
KLA11646 Multiple vulnerabilities in Oracle JRE
2020-01-05 00:00:00
KLA11526 Multiple vulnerabilities in Apple iTunes
2019-07-23 00:00:00
KLA11527 Multiple vulnerabilities in Apple iCloud
2019-07-25 00:00:00
apple
apple
About the security content of iTunes 12.9.6 for Windows
2019-07-23 00:00:00
About the security content of iCloud for Windows 10.6
2019-07-23 00:00:00
About the security content of iCloud for Windows 7.13
2019-07-23 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Related for SMNTC-109323