CVE-2015-9019

CWE-33010 documents7 sources
Severity
5.3MEDIUM
EPSS
0.6%
top 30.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xmlsoft Libxslt
Timeline
PublishedApr 5
Latest updateMay 17

Description

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDxmlsoft/libxslt1.1.29

Patches

Patch: bugzilla.gnome.orgPatch: bugzilla.suse.comPatch: bugzilla.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-8xxg-m548-vx69: In libxslt 12022-05-17
OSV
CVE-2015-9019: In libxslt 12017-04-05
CVEList
CVE-2015-9019: In libxslt 12017-04-05

📋Vendor Advisories

2
Red Hat
libxslt: math.random() in xslt uses unseeded randomness2015-11-20
Debian
CVE-2015-9019: libxslt - In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialize...2015

💬Community

4
Bugzilla
CVE-2015-9019 mingw-libxslt: libxslt: math.random() in xslt uses unseeded randomness [fedora-all]2017-04-06
Bugzilla
CVE-2015-9019 libxslt: math.random() in xslt uses unseeded randomness [fedora-all]2017-04-06
Bugzilla
CVE-2015-9019 libxslt: math.random() in xslt uses unseeded randomness2017-04-06
Bugzilla
CVE-2015-9019 mingw-libxslt: libxslt: math.random() in xslt uses unseeded randomness [epel-7]2017-04-06
CVE-2015-9019 (MEDIUM CVSS 5.3) | In libxslt 1.1.29 and earlier | cvebase.io