{
  "threat_severity" : "Moderate",
  "public_date" : "2019-10-18T00:00:00Z",
  "bugzilla" : {
    "description" : "libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure",
    "id" : "1770768",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1770768"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed." ],
  "statement" : "Red Hat OpenStack consumes fixes from the base Red Hat Enterprise Linux operating system, so the fix for this flaw is delivered through the Red Hat Enterprise Linux libxslt package. Therefore, the libxslt package provided by Red Hat OpenStack itself has been marked as 'will not fix'.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2020-02-17T00:00:00Z",
    "advisory" : "RHSA-2020:0514",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "chromium-browser-0:80.0.3987.87-1.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:4005",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libxslt-0:1.1.28-6.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4464",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libxslt-0:1.1.32-5.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4464",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libxslt-0:1.1.32-5.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Will not fix",
    "package_name" : "libxslt",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Will not fix",
    "package_name" : "libxslt",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 14 (Rocky)",
    "fix_state" : "Will not fix",
    "package_name" : "libxslt",
    "cpe" : "cpe:/a:redhat:openstack:14"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Affected",
    "package_name" : "libxslt",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-18197\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18197" ],
  "name" : "CVE-2019-18197",
  "csaw" : false
}