CVE-2019-13118
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
libxslt Type Confusion vulnerability that affects Nokogiri
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-13118
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2019-13118.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | fixed | 1.1.32-2.1 |
| debian | bullseye | fixed | 1.1.32-2.1 |
| debian | forky | fixed | 1.1.32-2.1 |
| debian | sid | fixed | 1.1.32-2.1 |
| debian | trixie | fixed | 1.1.32-2.1 |
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
- https://www.suse.com/security/cve/CVE-2019-13118.html
- https://security-tracker.debian.org/tracker/CVE-2019-13118
- https://nvd.nist.gov/vuln/detail/CVE-2019-13118
- https://github.com/sparklemotion/nokogiri/issues/1943
- https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
- https://seclists.org/bugtraq/2019/Jul/37
- https://seclists.org/bugtraq/2019/Jul/40
- https://seclists.org/bugtraq/2019/Jul/41
- https://seclists.org/bugtraq/2019/Jul/42
- https://security.netapp.com/advisory/ntap-20190806-0004
- https://security.netapp.com/advisory/ntap-20200122-0003
- https://support.apple.com/kb/HT210346
- https://support.apple.com/kb/HT210348
- https://support.apple.com/kb/HT210351
- https://support.apple.com/kb/HT210353
- https://support.apple.com/kb/HT210356
- https://support.apple.com/kb/HT210357
- https://support.apple.com/kb/HT210358
- https://usn.ubuntu.com/4164-1
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://seclists.org/bugtraq/2019/Jul/36
- https://seclists.org/bugtraq/2019/Jul/35
- https://seclists.org/bugtraq/2019/Aug/25
- https://seclists.org/bugtraq/2019/Aug/23