CVE-2019-13117
Description
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
4.457
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-13117,CVE-2019-13118,CVE-2019-16168,CVE-2020-2585 are fixed in Java SEJava SE: 8u231 | Windows |
| Vulnerabilities CVE-2019-13117,CVE-2019-13118,CVE-2019-16168,CVE-2020-2585 are fixed in Java SEJava SE: 8u231(x64) | Windows |
| Multiple vulnerabilities affected in Oracle Java SE 8u311 | Windows |
| Multiple vulnerabilities affected in Oracle Java SE 8u311 (x64) | Windows |
| Multiple vulnerabilities affected in Oracle Java SE Developement -Kit 8u311 | Windows |
| Multiple vulnerabilities affected in Oracle Java SE Developement Kit 8u311 (x64) | Windows |
| Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 231 (64-bit) | Windows |
| Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 231 (64-bit) | Windows |
| Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.2310 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.44 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.44 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.37 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.29 | Windows |
| Vulnerabilities CVE-2019-5815,CVE-2019-18197,CVE-2019-13118,CVE-2019-13117 are fixed in Ruby-nokogiri 1.10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.29-5ubuntu0.2_i386.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.29-5ubuntu0.2_amd64.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.32-2ubuntu0.2_i386.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.32-2ubuntu0.2_amd64.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.33-0ubuntu1.1_i386.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.33-0ubuntu1.1_amd64.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.28-2.1ubuntu0.3_i386.deb | Linux |
| XSLT processing library (USN-4164-1) libxslt1.1_1.1.28-2.1ubuntu0.3_amd64.deb | Linux |
| Vulnerabilities CVE-2019-5815,CVE-2019-18197,CVE-2019-13118,CVE-2019-13117 are fixed in Ruby-nokogiri for Linux 1.10.5 | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-323264 | Java 8 Update 321 (8.0.3210.7) (JRE) |
| PATCH-323263 | Java 8 Update 321 (64-bit) (8.0.3210.7) (JRE) |
| PATCH-323267 | Java SE Development Kit 8 Update 321 (32-bit) (8.0.3210.7) (JDK) |
| PATCH-323266 | Java SE Development Kit 8 Update 321 (64-bit) (8.0.3210.7) (JDK) |
| PATCH-333701 | Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required) |
| PATCH-342222 | Azul Zulu JDK 8 (MSI) (8.82.0.21) |
| PATCH-342223 | Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21) |
| PATCH-342218 | Azul Zulu JDK 11 (MSI) (x64) (11.76.21) |
| PATCH-328592 | Azul Zulu JDK 13 (13.54.17) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234