CVE-2019-13117
Published 2019-07-01
Priority P4 · 33 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 6.46% (92.9th percentile)
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < libxslt 1.1.32-2.1 (bookworm) | libxslt 1.1.32-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| nokogiri | nokogiri | >= 0 < 1.10.5 | 1.10.5 |
| opensuse | leap | — | — |
| oracle | openjdk | — | — |
| xmlsoft | libxslt | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.3 | 1.1.28-2.1ubuntu0.3 |
| xmlsoft | libxslt | >= 0 < 1.1.29-5ubuntu0.2 | 1.1.29-5ubuntu0.2 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.2+esm1 | 1.1.28-2ubuntu0.2+esm1 |
CVSS provenance
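| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_oracle | — | 7.5 | MEDIUM | — |
| vendor_debian | — | 5.3 | LOW | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |
| vendor_ubuntu | — | 5.3 | MEDIUM | — |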
Oracle
Oracle Oracle Java SE Risk Matrix: JavaFX (libxslt) — CVE-2019-13117
vendor_oracle·2020-01-15·CVSS 7.5
CVE-2019-13117 [MEDIUM] Oracle Oracle Java SE Risk Matrix: JavaFX (libxslt) — CVE-2019-13117
Oracle Oracle Java SE Risk Matrix: JavaFX (libxslt) vulnerability
CVE: CVE-2019-13117
CVSS: 7.5
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2020 (JAN 2020)
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2019-10-22·CVSS 5.3
CVE-2019-13117 [MEDIUM] Libxslt vulnerabilities
Title: Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to access sensitive information.
This issue did not affect Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118)
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-18197)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers
vendor_redhat·2019-06-30·CVSS 5.3
CVE-2019-13117 [MEDIUM] CWE-134 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Statement: RH ProdSec scores this vulnerability as "Low" due to complex prerequisites for successful exploitation.
* The attacker must be able to supply an XSLT file to a system that automatically processes it using libxslt.
* An xsl:number element must be present with a malformed format string designed to cause an uninitialized read in xsltNumberFormatInsertNumbers.
* While a successful exploitatio
Debian
CVE-2019-13117: libxslt - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could ...
vendor_debian·2019·CVSS 5.3
CVE-2019-13117 [MEDIUM] CVE-2019-13117: libxslt - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could ...
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Scope: local
bookworm: resolved (fixed in 1.1.32-2.1)
bullseye: resolved (fixed in 1.1.32-2.1)
forky: resolved (fixed in 1.1.32-2.1)
sid: resolved (fixed in 1.1.32-2.1)
trixie: resolved (fixed in 1.1.32-2.1)
OSV
Uninitialized read in Nokogiri gem
osv·2022-05-24
CVE-2019-13117 [HIGH] Uninitialized read in Nokogiri gem
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
GHSA
Uninitialized read in Nokogiri gem
ghsa·2022-05-24
CVE-2019-13117 [HIGH] CWE-908 Uninitialized read in Nokogiri gem
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
OSV
libxslt vulnerabilities
osv·2019-10-22·CVSS 5.3
CVE-2019-13117 [MEDIUM] libxslt vulnerabilities
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to access sensitive information.
This issue did not affect Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118)
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-18197)
OSV
CVE-2019-13117: In numbers
osv·2019-07-01·CVSS 5.3
CVE-2019-13117 [MEDIUM] CVE-2019-13117: In numbers
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-13117 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers [fedora-all]
bugzilla·2019-07-10·CVSS 5.3
CVE-2019-13117 [MEDIUM] CVE-2019-13117 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg
Bugzilla
CVE-2019-13117 mingw-libxslt: libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers [epel-7]
bugzilla·2019-07-10·CVSS 5.3
CVE-2019-13117 [MEDIUM] CVE-2019-13117 mingw-libxslt: libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bugzilla
CVE-2019-13117 mingw-libxslt: libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers [fedora-all]
bugzilla·2019-07-10·CVSS 5.3
CVE-2019-13117 [MEDIUM] CVE-2019-13117 mingw-libxslt: libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog
Bugzilla
CVE-2019-13117 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers
bugzilla·2019-07-10·CVSS 5.3
CVE-2019-13117 [MEDIUM] CVE-2019-13117 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers
A vulnerability was discovered in numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Upstream commit:
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1728547]
Created mingw-libxslt tracking bugs for this issue:
Affects: epel-7 [bug 1728549]
Affects: fedora-all [bug 1728548]
---
There's a bug on libxslt while p
References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
http://www.openwall.com/lists/oss-security/2019/11/17/2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
https://oss-fuzz.com/testcase-detail/5631739747106816
https://security.netapp.com/advisory/ntap-20190806-0004/
https://security.netapp.com/advisory/ntap-20200122-0003/
https://usn.ubuntu.com/4164-1/
https://www.oracle.com/security-alerts/cpujan2020.html