ID CVE-2019-13117
Summary In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-06-2021 - 15:15)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm
fedora FEDORA-2019-fdf6ec39b4
misc
mlist
  • [debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update
  • [oss-security] 20191117 Nokogiri security update v1.10.5
suse openSUSE-SU-2020:0731
ubuntu USN-4164-1
Last major update 29-06-2021 - 15:15
Published 01-07-2019 - 02:15
Last modified 29-06-2021 - 15:15