HIGH 7.5
GHSA-cf46-6xxh-pc75
libxslt Type Confusion vulnerability that affects Nokogiri
Details
In `numbers.c` in libxslt 1.1.33, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.
Nokogiri prior to version 1.10.5 used a vulnerable version of libxslt. Nokogiri 1.10.5 updated libxslt to version 1.1.34 to address this and other vulnerabilities in libxslt.
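To check a project against the version boundary stated above, this added example (not part of the advisory or of Nokogiri's own code) scans a `Gemfile.lock` for resolved nokogiri specs older than 1.10.5. The function name `affected_nokogiri` and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# First Nokogiri release with the updated libxslt 1.1.34 (from the advisory).
FIXED_NOKOGIRI = Gem::Version.new("1.10.5")

# Constructed sample lockfile, embedded so the example runs offline.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.3.1)
        nokogiri (>= 1.5.9)
      mini_portile2 (2.4.0)
      nokogiri (1.10.4)
        mini_portile2 (~> 2.4.0)
      nokogiri (1.10.4-x64-mingw32)
        mini_portile2 (~> 2.4.0)
      nokogiri (1.10.5-java)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
LOCK

# Returns the resolved nokogiri specs older than the fixed release,
# e.g. ["1.10.4", "1.10.4-x64-mingw32"].
def affected_nokogiri(lock_text)
  in_specs = false
  hits = []
  lock_text.each_line do |line|
    in_specs = false if line =~ /\A\S/               # new top-level section
    in_specs = true  if line =~ /\A {2}specs:\s*\z/
    next unless in_specs
    # Resolved specs sit at 4 spaces; dependency constraints at 6 are skipped.
    m = line.match(/\A {4}nokogiri \((\d[^\-)\s]*)(?:-([^)]+))?\)\s*\z/)
    next unless m
    version, platform = m[1], m[2]                   # platform suffix is optional
    hits << [version, platform].compact.join("-") if Gem::Version.new(version) < FIXED_NOKOGIRI
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]                                     # optional path to a Gemfile.lock
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  hits = affected_nokogiri(text)
  puts hits.empty? ? "no affected nokogiri spec found" : "affected: #{hits.join(', ')}"
end
```

The gem version only describes the libxslt that Nokogiri packages; an installation built against system libraries uses whatever libxslt the operating system provides, so that package needs to be at 1.1.34 or later as well.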
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-13118 [ADVISORY]
- https://github.com/sparklemotion/nokogiri/issues/1943 [WEB]
- https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e [WEB]
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 [WEB]
- https://seclists.org/bugtraq/2019/Jul/36 [WEB]
- https://seclists.org/bugtraq/2019/Jul/37 [WEB]
- https://seclists.org/bugtraq/2019/Jul/40 [WEB]
- https://seclists.org/bugtraq/2019/Jul/41 [WEB]
- https://seclists.org/bugtraq/2019/Jul/42 [WEB]
- https://security.netapp.com/advisory/ntap-20190806-0004 [WEB]
- https://security.netapp.com/advisory/ntap-20200122-0003 [WEB]
- https://support.apple.com/kb/HT210346 [WEB]
- https://support.apple.com/kb/HT210348 [WEB]
- https://support.apple.com/kb/HT210351 [WEB]
- https://support.apple.com/kb/HT210353 [WEB]
- https://support.apple.com/kb/HT210356 [WEB]
- https://support.apple.com/kb/HT210357 [WEB]
- https://support.apple.com/kb/HT210358 [WEB]
- https://usn.ubuntu.com/4164-1 [WEB]
- https://www.oracle.com/security-alerts/cpujan2020.html [WEB]
- https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796 [WEB]
- https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5 [WEB]
- https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b [WEB]
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ [WEB]
- https://oss-fuzz.com/testcase-detail/5197371471822848 [WEB]
- https://seclists.org/bugtraq/2019/Aug/21 [WEB]
- https://seclists.org/bugtraq/2019/Aug/22 [WEB]
- https://seclists.org/bugtraq/2019/Aug/23 [WEB]
- https://seclists.org/bugtraq/2019/Aug/25 [WEB]
- https://seclists.org/bugtraq/2019/Jul/35 [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html [WEB]
- http://seclists.org/fulldisclosure/2019/Aug/11 [WEB]
- http://seclists.org/fulldisclosure/2019/Aug/13 [WEB]
- http://seclists.org/fulldisclosure/2019/Aug/14 [WEB]
- http://seclists.org/fulldisclosure/2019/Aug/15 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/22 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/23 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/24 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/26 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/31 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/37 [WEB]
- http://seclists.org/fulldisclosure/2019/Jul/38 [WEB]
- http://www.openwall.com/lists/oss-security/2019/11/17/2 [WEB]