Уязвимость CVE-2019-13118: Информация

Описание

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Важность: MEDIUM (5,3) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-13118

Опубликовано: 1 июля 2019 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-843

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
libxslt	sisyphus	1.1.33-alt2	1.1.37-alt1	ALT-PU-2019-2688-1	237506	Исправлено
libxslt	p10	1.1.33-alt2	1.1.34-alt3	ALT-PU-2019-2688-1	237506	Исправлено
libxslt	p9	1.1.34-alt1.p9.1	1.1.34-alt1.p9.1	ALT-PU-2020-3348-1	261811	Исправлено
libxslt	c10f1	1.1.33-alt2	1.1.34-alt3	ALT-PU-2019-2688-1	237506	Исправлено
libxslt	c9f2	1.1.34-alt1.p9.1	1.1.34-alt3	ALT-PU-2020-3302-1	261812	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://oss-fuzz.com/testcase-detail/5197371471822848	Permissions Required
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b	Patch Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069	Permissions Required
https://support.apple.com/kb/HT210346	Third Party Advisory
[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update	Mailing List Third Party Advisory
https://support.apple.com/kb/HT210353	Third Party Advisory
https://support.apple.com/kb/HT210348	Third Party Advisory
https://support.apple.com/kb/HT210351	Third Party Advisory
20190723 APPLE-SA-2019-7-22-5 tvOS 12.4	Mailing List Third Party Advisory
20190723 APPLE-SA-2019-7-22-4 watchOS 5.3	Mailing List Third Party Advisory
20190723 APPLE-SA-2019-7-22-1 iOS 12.4	Mailing List Third Party Advisory
20190723 APPLE-SA-2019-7-22-4 watchOS 5.3	Mailing List Third Party Advisory
20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra	Mailing List Third Party Advisory
20190723 APPLE-SA-2019-7-22-5 tvOS 12.4	Mailing List Third Party Advisory
https://support.apple.com/kb/HT210356	Third Party Advisory
20190723 APPLE-SA-2019-7-22-1 iOS 12.4	Mailing List Third Party Advisory
https://support.apple.com/kb/HT210357	Third Party Advisory
https://support.apple.com/kb/HT210358	Third Party Advisory
20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13	Mailing List Third Party Advisory
20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6	Mailing List Third Party Advisory
20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6	Mailing List Third Party Advisory
20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6	Mailing List Third Party Advisory
20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6	Mailing List Third Party Advisory
20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190806-0004/	Third Party Advisory
20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4	Mailing List Third Party Advisory
20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4	Mailing List Third Party Advisory
20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra	Mailing List Third Party Advisory
20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3	Mailing List Third Party Advisory
20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3	Mailing List Third Party Advisory
20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4	Mailing List Third Party Advisory
20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra	Mailing List Third Party Advisory
20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4	Mailing List Third Party Advisory
USN-4164-1	Third Party Advisory
[oss-security] 20191117 Nokogiri security update v1.10.5	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
openSUSE-SU-2020:0731	Mailing List Third Party Advisory
FEDORA-2019-fdf6ec39b4
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
  
  Конфигурация 2
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
  cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
  Start including
  11.0
  End including
  11.50.2
  
  Конфигурация 4
  cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*
  
  Конфигурация 5
  cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  
  Конфигурация 6
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  
  Конфигурация 7
  cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  End excliding
  12.4
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  End excliding
  12.4
  cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
  End excliding
  7.13
  cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
  End excliding
  12.9.6
  cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
  Start including
  10.0
  End excliding
  10.6
  cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*
  cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  Start including
  10.4.6
  End excliding
  10.14.6

Версия: v24.4.2

Наверх

Уязвимость CVE-2019-13118: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4

Конфигурация 5

Конфигурация 6

Конфигурация 7