In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
http://www.openwall.com/lists/oss-security/2019/11/17/2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
https://oss-fuzz.com/testcase-detail/5631739747106816
https://security.netapp.com/advisory/ntap-20190806-0004/
https://security.netapp.com/advisory/ntap-20200122-0003/
Source: MITRE
Published: 2019-07-01
Updated: 2020-08-24
Type: CWE-908
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
137539 | SUSE SLED15 / SLES15 Security Update : libxslt (SUSE-SU-2020:1409-1) | Nessus | SuSE Local Security Checks | medium |
136963 | openSUSE Security Update : libxslt (openSUSE-2020-731) | Nessus | SuSE Local Security Checks | medium |
135571 | EulerOS Virtualization 3.0.2.2 : libxslt (EulerOS-SA-2020-1442) | Nessus | Huawei Local Security Checks | high |
133096 | Amazon Linux 2 : java-11-amazon-corretto (ALAS-2020-1387) | Nessus | Amazon Linux Local Security Checks | medium |
132992 | Oracle Java SE 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2 Multiple Vulnerabilities (Jan 2020 CPU) | Nessus | Windows | medium |
132960 | Oracle Java SE 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2 Multiple Vulnerabilities (Jan 2020 CPU) (Unix) | Nessus | Misc. | medium |
132610 | EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017) | Nessus | Huawei Local Security Checks | medium |
131672 | EulerOS 2.0 SP2 : libxslt (EulerOS-SA-2019-2519) | Nessus | Huawei Local Security Checks | high |
130353 | Fedora 31 : libxslt (2019-fdf6ec39b4) | Nessus | Fedora Local Security Checks | medium |
130167 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Libxslt vulnerabilities (USN-4164-1) | Nessus | Ubuntu Local Security Checks | medium |
129225 | EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2032) | Nessus | Huawei Local Security Checks | medium |
128932 | EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2019-1929) | Nessus | Huawei Local Security Checks | medium |
128836 | EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-1913) | Nessus | Huawei Local Security Checks | medium |
128719 | Photon OS 2.0: Libxslt PHSA-2019-2.0-0171 | Nessus | PhotonOS Local Security Checks | medium |
128170 | Photon OS 1.0: Libxslt PHSA-2019-1.0-0246 | Nessus | PhotonOS Local Security Checks | medium |
128155 | Photon OS 3.0: Libxslt PHSA-2019-3.0-0024 | Nessus | PhotonOS Local Security Checks | medium |
126926 | Debian DLA-1860-1 : libxslt security update | Nessus | Debian Local Security Checks | high |
126809 | SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1) | Nessus | SuSE Local Security Checks | medium |