CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
Link Resource
https://oss-fuzz.com/testcase-detail/5197371471822848 Permissions Required
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b Patch Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 Permissions Required
https://support.apple.com/kb/HT210346 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html Mailing List Third Party Advisory
https://support.apple.com/kb/HT210353 Third Party Advisory
https://support.apple.com/kb/HT210348 Third Party Advisory
https://support.apple.com/kb/HT210351 Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/37 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/36 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/35 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/24 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/22 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/26 Mailing List Third Party Advisory
https://support.apple.com/kb/HT210356 Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/23 Mailing List Third Party Advisory
https://support.apple.com/kb/HT210357 Third Party Advisory
https://support.apple.com/kb/HT210358 Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/41 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/42 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/40 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/31 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/38 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/37 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190806-0004/ Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/25 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/23 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/21 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/22 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/14 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/13 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/11 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/15 Mailing List Third Party Advisory
https://usn.ubuntu.com/4164-1/ Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/11/17/2 Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0003/ Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Configurations

Configuration 1

cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*

Configuration 5

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 6

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Configuration 7

OR cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:03

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E', 'name': '[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/', 'name': 'FEDORA-2019-fdf6ec39b4', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E', 'name': '[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ -
  • () https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E -
  • () https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E -

10 Apr 2023, 15:52

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20190806-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20190806-0004/ - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/22 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/22 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/37 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/37 - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/11 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/11 - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/37 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/37 - Mailing List, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/23 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/23 - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/41 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/41 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/38 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/38 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/23 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/23 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210358 - (CONFIRM) https://support.apple.com/kb/HT210358 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210356 - (CONFIRM) https://support.apple.com/kb/HT210356 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/40 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/40 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210348 - (CONFIRM) https://support.apple.com/kb/HT210348 - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/14 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/14 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210357 - (CONFIRM) https://support.apple.com/kb/HT210357 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210351 - (CONFIRM) https://support.apple.com/kb/HT210351 - Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/42 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/42 - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/21 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/21 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/13 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/13 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/31 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/31 - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/36 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/36 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/15 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Aug/15 - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/25 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/25 - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4164-1/ - (UBUNTU) https://usn.ubuntu.com/4164-1/ - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210353 - (CONFIRM) https://support.apple.com/kb/HT210353 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/11/17/2 - (MLIST) http://www.openwall.com/lists/oss-security/2019/11/17/2 - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200122-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200122-0003/ - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/24 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/24 - Mailing List, Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/35 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/35 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/26 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Jul/26 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210346 - (CONFIRM) https://support.apple.com/kb/HT210346 - Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/22 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/22 - Mailing List, Third Party Advisory
First Time Netapp clustered Data Ontap
Netapp plug-in For Symantec Netbackup
Netapp e-series Performance Analyzer
Netapp
Netapp e-series Santricity Os Controller
Apple itunes
Netapp ontap Select Deploy Administration Utility
Apple tvos
Netapp steelstore Cloud Integrated Storage
Oracle jdk
Fedoraproject fedora
Opensuse
Netapp e-series Santricity Storage Manager
Apple iphone Os
Apple mac Os X
Netapp e-series Santricity Web Services
Netapp e-series Santricity Management Plug-ins
Netapp oncommand Workflow Automation
Apple
Netapp cloud Backup
Apple icloud
Canonical ubuntu Linux
Netapp active Iq Unified Manager
Opensuse leap
Netapp santricity Unified Manager
Canonical
Fedoraproject
Oracle
Netapp oncommand Insight
Apple macos
CVSS Values Removed: v2 : 5.0, v3 : 7.5 - Values Added: v2 : 5.0, v3 : 5.3

Information

Published : 2019-07-01 02:15

Updated : 2023-11-07 03:03


NVD link : CVE-2019-13118

Mitre link : CVE-2019-13118


Products Affected

netapp

  • oncommand_insight
  • e-series_santricity_web_services
  • active_iq_unified_manager
  • cloud_backup
  • e-series_santricity_os_controller
  • clustered_data_ontap
  • e-series_santricity_storage_manager
  • steelstore_cloud_integrated_storage
  • plug-in_for_symantec_netbackup
  • e-series_performance_analyzer
  • santricity_unified_manager
  • oncommand_workflow_automation
  • e-series_santricity_management_plug-ins
  • ontap_select_deploy_administration_utility

apple

  • tvos
  • icloud
  • itunes
  • mac_os_x
  • macos
  • iphone_os

canonical

  • ubuntu_linux

fedoraproject

  • fedora

xmlsoft

  • libxslt

opensuse

  • leap

oracle

  • jdk
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')