CVE-2019-13118

EPSS 1.21%
Published 01.07.2019 02:15:09
Last modified 21.11.2024 04:24:13
Source cve@mitre.org
Teams watchlist Login
Open Login

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Affected products Warnungen 0 Metrics 3 CWE 1 References 44

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxslt Version1.1.33

Opensuse ≫ Leap Version15.1

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Cloud Backup Version-

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ E-series Performance Analyzer Version-

Netapp ≫ E-series Santricity Management Plug-ins Version- SwPlatformvmware_vcenter

Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.50.2

Netapp ≫ E-series Santricity Storage Manager Version-

Netapp ≫ E-series Santricity Web Services Version- SwPlatformweb_services_proxy

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Plug-in For Symantec Netbackup Version-

Netapp ≫ Santricity Unified Manager Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Oracle ≫ Jdk Version1.8.0 Updateupdate231

Fedoraproject ≫ Fedora Version31

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Canonical ≫ Ubuntu Linux Version19.10

Apple ≫ iCloud SwPlatformwindows Version < 7.13

Apple ≫ iCloud SwPlatformwindows Version >= 10.0 < 10.6

Apple ≫ iTunes SwPlatformwindows Version < 12.9.6

Apple ≫ iPhone OS Version < 12.4

Apple ≫ macOS X Version10.12.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.12.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.12.6 Updatesecurity_update_2019-003

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-003

Apple ≫ macOS Version >= 10.4.6 < 10.14.6

Apple ≫ tvOS Version < 12.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.21%	0.784

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://www.oracle.com/security-alerts/cpujan2020.html

Third Party Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2019/Aug/11

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2019/Jul/22

Third Party Advisory