← Zuruck zu CVEs
CVE-2019-13118
MEDIUM5.3
Beschreibung
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/1/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apple:icloudapple:iphone_osapple:itunesapple:mac_os_xapple:macosapple:tvoscanonical:ubuntu_linuxfedoraproject:fedoranetapp:active_iq_unified_managernetapp:cloud_backupnetapp:clustered_data_ontapnetapp:e-series_performance_analyzernetapp:e-series_santricity_management_plug-insnetapp:e-series_santricity_os_controllernetapp:e-series_santricity_storage_managernetapp:e-series_santricity_web_servicesnetapp:oncommand_insightnetapp:oncommand_workflow_automationnetapp:ontap_select_deploy_administration_utilitynetapp:plug-in_for_symantec_netbackupnetapp:santricity_unified_managernetapp:steelstore_cloud_integrated_storageopensuse:leaporacle:jdkxmlsoft:libxslt
Schwachen (CWE)
CWE-843
Referenzen
http://seclists.org/fulldisclosure/2019/Aug/11(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Aug/13(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Aug/14(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Aug/15(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/22(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/23(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/24(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/26(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/31(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/37(cve@mitre.org)
http://seclists.org/fulldisclosure/2019/Jul/38(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2019/11/17/2(cve@mitre.org)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069(cve@mitre.org)
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b(cve@mitre.org)
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E(cve@mitre.org)
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/(cve@mitre.org)
https://oss-fuzz.com/testcase-detail/5197371471822848(cve@mitre.org)
https://seclists.org/bugtraq/2019/Aug/21(cve@mitre.org)
https://seclists.org/bugtraq/2019/Aug/22(cve@mitre.org)
https://seclists.org/bugtraq/2019/Aug/23(cve@mitre.org)
https://seclists.org/bugtraq/2019/Aug/25(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/35(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/36(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/37(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/40(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/41(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/42(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20190806-0004/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20200122-0003/(cve@mitre.org)
https://support.apple.com/kb/HT210346(cve@mitre.org)
https://support.apple.com/kb/HT210348(cve@mitre.org)
https://support.apple.com/kb/HT210351(cve@mitre.org)
https://support.apple.com/kb/HT210353(cve@mitre.org)
https://support.apple.com/kb/HT210356(cve@mitre.org)
https://support.apple.com/kb/HT210357(cve@mitre.org)
https://support.apple.com/kb/HT210358(cve@mitre.org)
https://usn.ubuntu.com/4164-1/(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2020.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Aug/11(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Aug/13(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Aug/14(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Aug/15(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/22(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/23(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/24(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/26(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/31(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/37(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/38(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/11/17/2(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/(af854a3a-2127-422b-91ae-364da2661108)
https://oss-fuzz.com/testcase-detail/5197371471822848(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/21(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/22(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/23(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/25(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/35(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/36(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/37(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/40(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/41(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/42(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190806-0004/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200122-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210346(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210348(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210351(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210353(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210356(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210357(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210358(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4164-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.