CVE-2019-13118

Published Jul 1, 2019

Last updated 11 days ago

CVSS medium 5.3

Overview

Description: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Source: cve@mitre.org
NVD status: Modified
Products: libxslt, leap, active_iq_unified_manager, cloud_backup, clustered_data_ontap, e-series_performance_analyzer, e-series_santricity_management_plug-ins, e-series_santricity_os_controller, e-series_santricity_storage_manager, e-series_santricity_web_services, oncommand_insight, oncommand_workflow_automation, ontap_select_deploy_administration_utility, plug-in_for_symantec_netbackup, santricity_unified_manager, steelstore_cloud_integrated_storage, jdk, fedora, ubuntu_linux, icloud, itunes, iphone_os, mac_os_x, macos, tvos

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-843
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-843

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
            "matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
            "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
            "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "433D435D-13D0-4EAA-ACD9-DD88DA712D00",
            "versionEndIncluding": "11.50.2",
            "versionStartIncluding": "11.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
            "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
            "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
            "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
            "matchCriteriaId": "086B8913-51FE-4FCA-AB2C-47541F2C3252",
            "versionEndExcluding": "7.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
            "matchCriteriaId": "71143206-77A6-4B8F-964B-FD4E00C1AE60",
            "versionEndExcluding": "10.6",
            "versionStartIncluding": "10.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
            "matchCriteriaId": "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B",
            "versionEndExcluding": "12.9.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "78127EE5-23FE-4C66-B7EE-2CF3E19F0503",
            "versionEndExcluding": "12.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*",
            "matchCriteriaId": "4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*",
            "matchCriteriaId": "A0334DC1-4D8C-448C-84B3-310499118B44",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*",
            "matchCriteriaId": "F80F3626-D093-45F4-80A1-3DB1EC94E0F2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
            "matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
            "matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
            "matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A",
            "versionEndExcluding": "10.14.6",
            "versionStartIncluding": "10.4.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6",
            "versionEndExcluding": "12.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References