In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Apr 2023, 19:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
|
First Time |
Oracle
Debian Canonical ubuntu Linux Fedoraproject fedora Debian debian Linux Oracle openjdk Canonical Opensuse leap Opensuse Fedoraproject |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References |
|
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/11/17/2 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200122-0003/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20190806-0004/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4164-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html - Mailing List, Third Party Advisory |
29 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-07-01 02:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-13117
Mitre link : CVE-2019-13117
CVE.ORG link : CVE-2019-13117
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
xmlsoft
- libxslt
opensuse
- leap
oracle
- openjdk
canonical
- ubuntu_linux
CWE
CWE-908
Use of Uninitialized Resource