CVE-2019-13118

Published: Jul 1, 2019Modified: May 28, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Affected (37)

Products: Xmlsoft: Libxslt · Opensuse: Leap · Netapp: Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap, E Series Performance Analyzer, E Series Santricity Management Plug Ins, E Series Santricity Os Controller, E Series Santricity Storage Manager, E Series Santricity Web Services, Oncommand Insight, Oncommand Workflow Automation, Ontap Select Deploy Administration Utility, Plug In For Symantec Netbackup, Santricity Unified Manager, Steelstore Cloud Integrated Storage · +4 more

Show all products

1 product

1 product

14 products

Active Iq Unified Manager

Cloud Backup

Clustered Data Ontap

E Series Performance Analyzer

E Series Santricity Management Plug Ins

E Series Santricity Os Controller

E Series Santricity Storage Manager

E Series Santricity Web Services

Oncommand Insight

Oncommand Workflow Automation

Ontap Select Deploy Administration Utility

Plug In For Symantec Netbackup

Santricity Unified Manager

Steelstore Cloud Integrated Storage

1 product

1 product

1 product

6 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxslt	Version 1.1.33

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration C

15 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions
Netapp Cloud Backup	All versions
Netapp Clustered Data Ontap	All versions
Netapp E Series Performance Analyzer	All versions
Netapp E Series Santricity Management Plug Ins	All versions
Netapp E Series Santricity Os Controller	From 11.0 to 11.50.2
Netapp E Series Santricity Storage Manager	All versions
Netapp E Series Santricity Web Services	All versions
Netapp Oncommand Insight	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Ontap Select Deploy Administration Utility	All versions
Netapp Plug In For Symantec Netbackup	All versions
Netapp Santricity Unified Manager	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.8.0 update231

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Configuration F

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

Configuration G

12 vulnerable

Vulnerable Software	Affected Versions
Apple Icloud	Before 7.13
Apple Icloud	From 10.0 to 10.6
Apple Iphone Os	Before 12.4
Apple Itunes	Before 12.9.6
Apple Mac Os X	Version 10.12.6 security_update_2019-001
Apple Mac Os X	Version 10.12.6 security_update_2019-002
Apple Mac Os X	Version 10.12.6 security_update_2019-003
Apple Mac Os X	Version 10.13.6 security_update_2019-001
Apple Mac Os X	Version 10.13.6 security_update_2019-002
Apple Mac Os X	Version 10.13.6 security_update_2019-003
Apple Macos	From 10.4.6 to 10.14.6
Apple Tvos	Before 12.4

Related CWEs

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (82)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/11

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/13

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/14

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/15

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/22

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/23

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/24

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/26

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/31

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/37

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/38

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/11/17/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069

Source: cve@mitre.org

Permissions Required

https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/

Source: cve@mitre.org

https://oss-fuzz.com/testcase-detail/5197371471822848

Source: cve@mitre.org

Permissions Required

https://seclists.org/bugtraq/2019/Aug/21

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/22

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/23

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/25

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/35

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/36

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/37

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/40

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/41

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/42

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190806-0004/

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200122-0003/

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210346

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210348

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210351

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210353

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210356

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210357

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT210358

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4164-1/

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/11

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/13

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/14

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/15

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/24

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/26

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/31

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/37

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/38

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/11/17/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://oss-fuzz.com/testcase-detail/5197371471822848

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://seclists.org/bugtraq/2019/Aug/21

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/25

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/35

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/36

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/37

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/40

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/41

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jul/42

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190806-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200122-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210346

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210348

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210351

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210353

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210356

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210357

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT210358

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4164-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.