Sign In

CVE-2019-18197

ADVISORY - github

Summary

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.

EPSS Score: 0.01478 (0.801)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-416

Use After Free

CWE-908

Use of Uninitialized Resource

ADVISORY - github

CWE-416

Use After Free

CWE-908

Use of Uninitialized Resource

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-416

Use After Free

CWE-908

Use of Uninitialized Resource

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-416

Use After Free

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in