CVE-2019-13118

MEDIUMMonitor

Published:Jul 1, 2019(6 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth RequiredNo InteractionLow Complexity

Vulnerability Description

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Attack Characteristics

Network AccessLow ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
xmlsoft	libxslt	-	-
opensuse	leap	-	-
netapp	active_iq_unified_manager	-

Timeline

Published
CVE disclosed publicly
Jul 1, 20196 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://seclists.org/bugtraq/2019/Jul/36Mailing List
https://seclists.org/bugtraq/2019/Jul/37Mailing List
https://seclists.org/bugtraq/2019/Jul/40Mailing List

CVSS Score

v3.1

5.3/ 10.0

MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

At a Glance

Affected Products

References

xmlsoft / libxslt

https://seclists.org/bugtraq/2019/Jul/41Mailing List

https://seclists.org/bugtraq/2019/Jul/42Mailing List

https://security.netapp.com/advisory/ntap-20190806-0004/Third Party Advisory

https://security.netapp.com/advisory/ntap-20200122-0003/Third Party Advisory

https://support.apple.com/kb/HT210346Third Party Advisory

https://support.apple.com/kb/HT210348Third Party Advisory

https://support.apple.com/kb/HT210351Third Party Advisory

https://support.apple.com/kb/HT210353Third Party Advisory

https://support.apple.com/kb/HT210356Third Party Advisory

https://support.apple.com/kb/HT210357Third Party Advisory

https://support.apple.com/kb/HT210358Third Party Advisory

https://usn.ubuntu.com/4164-1/Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062....Mailing List

http://seclists.org/fulldisclosure/2019/Aug/11Mailing List

http://seclists.org/fulldisclosure/2019/Aug/13Mailing List

http://seclists.org/fulldisclosure/2019/Aug/14Mailing List

http://seclists.org/fulldisclosure/2019/Aug/15Mailing List

http://seclists.org/fulldisclosure/2019/Jul/22Mailing List

https://seclists.org/bugtraq/2019/Jul/35Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062....Mailing List

http://seclists.org/fulldisclosure/2019/Aug/11Mailing List

http://seclists.org/fulldisclosure/2019/Aug/13Mailing List

http://seclists.org/fulldisclosure/2019/Aug/14Mailing List

http://seclists.org/fulldisclosure/2019/Aug/15Mailing List

http://seclists.org/fulldisclosure/2019/Jul/22Mailing List

http://seclists.org/fulldisclosure/2019/Jul/23Mailing List

http://seclists.org/fulldisclosure/2019/Jul/24Mailing List

http://seclists.org/fulldisclosure/2019/Jul/26Mailing List

http://seclists.org/fulldisclosure/2019/Jul/31Mailing List

http://seclists.org/fulldisclosure/2019/Jul/37Mailing List

http://seclists.org/fulldisclosure/2019/Jul/38Mailing List

http://www.openwall.com/lists/oss-security/2019/11/17/2Mailing List

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069Permissions Required

https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f65...Patch

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b8...

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c279...

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.htmlMailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists...

https://oss-fuzz.com/testcase-detail/5197371471822848Permissions Required

https://seclists.org/bugtraq/2019/Aug/21Mailing List

https://seclists.org/bugtraq/2019/Aug/22Mailing List

https://seclists.org/bugtraq/2019/Aug/23Mailing List

https://seclists.org/bugtraq/2019/Aug/25Mailing List