VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-76fj-htxj-aaah

Essentials
Severities (136)
References (44)
Severity details (47)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-76fj-htxj-aaah
Aliases	CVE-2019-18197 GHSA-242x-7cm6-4w8j
Summary	In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-416	Use After Free
CWE-908	Use of Uninitialized Resource
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2020:0514
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2020:0514
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4005
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4464
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01271	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.01478	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
epss	0.06764	https://api.first.org/data/v1/epss?cve=CVE-2019-18197
cvssv3.1	7.5	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
generic_textual	HIGH	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
cvssv3.1	7.5	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
generic_textual	HIGH	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
cvssv3.1	7.5	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
generic_textual	HIGH	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1770768
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-242x-7cm6-4w8j
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri
cvssv3.1	7.5	https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
cvssv3	7.5	https://github.com/sparklemotion/nokogiri/issues/1943
cvssv3.1	7.5	https://github.com/sparklemotion/nokogiri/issues/1943
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/issues/1943
cvssv3.1	7.5	https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
generic_textual	HIGH	https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
cvssv2	5.1	https://nvd.nist.gov/vuln/detail/CVE-2019-18197
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-18197
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-18197
archlinux	Critical	https://security.archlinux.org/AVG-1092
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20191031-0004
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20191031-0004
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20200416-0004
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20200416-0004
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4164-1
cvssv3.1	7.5	https://usn.ubuntu.com/4164-1
generic_textual	HIGH	https://usn.ubuntu.com/4164-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4164-1
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpuapr2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpuapr2020.html
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2019/11/17/2
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2019/11/17/2

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
		http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
		http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
		http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html
		https://access.redhat.com/errata/RHSA-2020:0514
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-18197
		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/sparklemotion/nokogiri
		https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
		https://github.com/sparklemotion/nokogiri/issues/1943
		https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
		https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
		https://security.netapp.com/advisory/ntap-20191031-0004
		https://security.netapp.com/advisory/ntap-20191031-0004/
		https://security.netapp.com/advisory/ntap-20200416-0004
		https://security.netapp.com/advisory/ntap-20200416-0004/
		https://ubuntu.com/security/notices/USN-4164-1
		https://usn.ubuntu.com/4164-1
		https://usn.ubuntu.com/4164-1/
		https://usn.ubuntu.com/usn/usn-4164-1
		https://www.oracle.com/security-alerts/cpuapr2020.html
		http://www.openwall.com/lists/oss-security/2019/11/17/2
1770768		https://bugzilla.redhat.com/show_bug.cgi?id=1770768
942646		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
ASA-202002-3		https://security.archlinux.org/ASA-202002-3
AVG-1092		https://security.archlinux.org/AVG-1092
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
CVE-2019-18197		https://nvd.nist.gov/vuln/detail/CVE-2019-18197
CVE-2019-18197.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
GHSA-242x-7cm6-4w8j		https://github.com/advisories/GHSA-242x-7cm6-4w8j
RHSA-2020:4005		https://access.redhat.com/errata/RHSA-2020:4005
RHSA-2020:4464		https://access.redhat.com/errata/RHSA-2020:4464

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2020:0514

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/sparklemotion/nokogiri/issues/1943

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-18197

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-18197

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-18197

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20191031-0004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20200416-0004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4164-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2019/11/17/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.80658
EPSS Score	0.00738
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.