Use of Uninitialized Resource in libxslt

Do your applications use this vulnerable package? Test your applications

Overview

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

References

ADVISORY
CONFIRM
CONFIRM
Debian Security Announcement
Debian Security Tracker
FEDORA
MISC
MISC
MISC
MISC
MLIST
SUSE
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

CVE: CVE-2019-13117
CWE: CWE-908
Snyk ID: SNYK-DEBIAN9-LIBXSLT-451292
Disclosed: 01 Jul, 2019
Published: 01 Jul, 2019

Use of Uninitialized Resource
Affecting libxslt package, versions <1.1.29-2.1+deb9u1

Overview

References

CVSS Score

Use of Uninitialized Resource Affecting libxslt package, versions <1.1.29-2.1+deb9u1

Overview

References

Use of Uninitialized Resource
Affecting libxslt package, versions <1.1.29-2.1+deb9u1