Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2019-13118

Disclosure Date: July 01, 2019
CVE-2019-13118 CVSS v3 Base Score: 5.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.3 Medium
Impact Score:
1.4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple,
  • canonical,
  • fedoraproject,
  • netapp,
  • opensuse,
  • oracle,
  • xmlsoft

Products

  • active iq unified manager -,
  • cloud backup -,
  • clustered data ontap -,
  • e-series performance analyzer -,
  • e-series santricity management plug-ins -,
  • e-series santricity os controller,
  • e-series santricity storage manager -,
  • e-series santricity web services -,
  • fedora 31,
  • icloud,
  • iphone os,
  • itunes,
  • jdk 1.8.0,
  • leap 15.1,
  • libxslt 1.1.33,
  • mac os x 10.12.6,
  • mac os x 10.13.6,
  • macos,
  • oncommand insight -,
  • oncommand workflow automation -,
  • ontap select deploy administration utility -,
  • plug-in for symantec netbackup -,
  • santricity unified manager -,
  • steelstore cloud integrated storage -,
  • tvos,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 19.04,
  • ubuntu linux 19.10

References

Canonical
CVE-2019-13118 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118)
Advisory
https://support.apple.com/kb/HT210348
https://support.apple.com/kb/HT210353
https://support.apple.com/kb/HT210351
[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update (https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html)
https://support.apple.com/kb/HT210346
20190723 APPLE-SA-2019-7-22-1 iOS 12.4 (https://seclists.org/bugtraq/2019/Jul/35)
20190723 APPLE-SA-2019-7-22-5 tvOS 12.4 (https://seclists.org/bugtraq/2019/Jul/37)
20190723 APPLE-SA-2019-7-22-4 watchOS 5.3 (https://seclists.org/bugtraq/2019/Jul/36)
20190723 APPLE-SA-2019-7-22-4 watchOS 5.3 (http://seclists.org/fulldisclosure/2019/Jul/24)
20190723 APPLE-SA-2019-7-22-1 iOS 12.4 (http://seclists.org/fulldisclosure/2019/Jul/23)
20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra (http://seclists.org/fulldisclosure/2019/Jul/22)
20190723 APPLE-SA-2019-7-22-5 tvOS 12.4 (http://seclists.org/fulldisclosure/2019/Jul/26)
https://support.apple.com/kb/HT210356
https://support.apple.com/kb/HT210357
https://support.apple.com/kb/HT210358
20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 (https://seclists.org/bugtraq/2019/Jul/42)
20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 (https://seclists.org/bugtraq/2019/Jul/40)
20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 (https://seclists.org/bugtraq/2019/Jul/41)
20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 (http://seclists.org/fulldisclosure/2019/Jul/31)
20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 (http://seclists.org/fulldisclosure/2019/Jul/37)
20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 (http://seclists.org/fulldisclosure/2019/Jul/38)
https://security.netapp.com/advisory/ntap-20190806-0004
20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 (https://seclists.org/bugtraq/2019/Aug/25)
20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 (https://seclists.org/bugtraq/2019/Aug/22)
20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 (https://seclists.org/bugtraq/2019/Aug/23)
20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra (https://seclists.org/bugtraq/2019/Aug/21)
20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 (http://seclists.org/fulldisclosure/2019/Aug/14)
20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra (http://seclists.org/fulldisclosure/2019/Aug/11)
20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 (http://seclists.org/fulldisclosure/2019/Aug/13)
20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 (http://seclists.org/fulldisclosure/2019/Aug/15)
USN-4164-1 (https://usn.ubuntu.com/4164-1)
FEDORA-2019-fdf6ec39b4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ)
[oss-security] 20191117 Nokogiri security update v1.10.5 (http://www.openwall.com/lists/oss-security/2019/11/17/2)
https://security.netapp.com/advisory/ntap-20200122-0003
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
https://security.netapp.com/advisory/ntap-20190806-0004/
USN-4164-1 (https://usn.ubuntu.com/4164-1/)
FEDORA-2019-fdf6ec39b4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/)
https://security.netapp.com/advisory/ntap-20200122-0003/
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E)
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E)
Miscellaneous
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
https://oss-fuzz.com/testcase-detail/5197371471822848
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
https://www.oracle.com/security-alerts/cpujan2020.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis