#VU18965 Information disclosure in libxslt


Published: 2019-07-02 | Updated: 2019-10-19

Vulnerability identifier: #VU18965

Vulnerability risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-13117

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libxslt
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure in numbers.c in libxslt library where an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. A remote attacker can gain knowledge whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

libxslt: 1.1.33

External links
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
http://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
http://oss-fuzz.com/testcase-detail/5631739747106816

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Wyse ThinLinux
Multiple vulnerabilities in Dell EMC Data Protection Search
Multiple vulnerabilities in Dell EMC Secure Remote Services (SRS) Virtual Edition
Multiple vulnerabilities in Dell EMC ECS
OpenSUSE Linux update for libxslt
Multiple vulnerabilities in Java SE
Information disclosure in libxslt (Alpine package)
Ubuntu update for Libxslt
Multiple vulnerabilities in libxslt