Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2019-13118
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- Medium
- Base Score
- 5.3/10
- Exploit Score
- 3.9/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- None
- Impact Score
- 1.4/10
- Confidentiality Impact
- Low
- Availability Impact
- None
- Integrity Impact
- None
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility: |
Yes
|
- | - | |
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_ |
Yes
|
- | - | |
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:* |
Yes
|
11.0 | - | |
cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
Yes
|
- | 12.4 | |
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
Yes
|
- | 12.4 | |
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* |
Yes
|
- | 7.13 | |
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:* |
Yes
|
- | 12.9.6 | |
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* |
Yes
|
10.0 | 10.6 | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
Yes
|
10.4.6 | 10.14.6 |
References
- https://oss-fuzz.com/testcase-detail/5197371471822848
- https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
- https://support.apple.com/kb/HT210346
- https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
- https://support.apple.com/kb/HT210353
- https://support.apple.com/kb/HT210348
- https://support.apple.com/kb/HT210351
- https://seclists.org/bugtraq/2019/Jul/37
- https://seclists.org/bugtraq/2019/Jul/36
- https://seclists.org/bugtraq/2019/Jul/35
- http://seclists.org/fulldisclosure/2019/Jul/24
- http://seclists.org/fulldisclosure/2019/Jul/22
- http://seclists.org/fulldisclosure/2019/Jul/26
- https://support.apple.com/kb/HT210356
- http://seclists.org/fulldisclosure/2019/Jul/23
- https://support.apple.com/kb/HT210357
- https://support.apple.com/kb/HT210358
- https://seclists.org/bugtraq/2019/Jul/41
- https://seclists.org/bugtraq/2019/Jul/42
- https://seclists.org/bugtraq/2019/Jul/40
- http://seclists.org/fulldisclosure/2019/Jul/31
- http://seclists.org/fulldisclosure/2019/Jul/38
- http://seclists.org/fulldisclosure/2019/Jul/37
- https://security.netapp.com/advisory/ntap-20190806-0004/
- https://seclists.org/bugtraq/2019/Aug/25
- https://seclists.org/bugtraq/2019/Aug/23
- https://seclists.org/bugtraq/2019/Aug/21
- https://seclists.org/bugtraq/2019/Aug/22
- http://seclists.org/fulldisclosure/2019/Aug/14
- http://seclists.org/fulldisclosure/2019/Aug/13
- http://seclists.org/fulldisclosure/2019/Aug/11
- http://seclists.org/fulldisclosure/2019/Aug/15
- https://usn.ubuntu.com/4164-1/
- http://www.openwall.com/lists/oss-security/2019/11/17/2
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a45089
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b