Fluid Attacks Database

Description

Uninitialized read in Nokogiri gem In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libxslt	>=0 <1.1.32-2.1	1.1.32-2.1
debian 11	libxslt	>=0 <1.1.32-2.1	1.1.32-2.1
alpine v3.10	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| =1.1.33-r2 \|\| >=0 <1.1.33-r3	1.1.33-r3
alpine v3.11	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0
alpine v3.12	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0
alpine v3.13	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0
alpine v3.14	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0
alpine v3.15	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0
alpine v3.16	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0
alpine v3.17	libxslt	=1.1.24-r0 \|\| =1.1.24-r1 \|\| =1.1.26-r0 \|\| =1.1.26-r1 \|\| =1.1.26-r2 \|\| =1.1.26-r3 \|\| =1.1.26-r4 \|\| =1.1.26-r5 \|\| =1.1.26-r6 \|\| =1.1.26-r7 \|\| =1.1.26-r8 \|\| =1.1.26-r9 \|\| =1.1.27-r0 \|\| =1.1.27-r1 \|\| =1.1.28-r0 \|\| =1.1.28-r1 \|\| =1.1.28-r2 \|\| =1.1.29-r0 \|\| =1.1.29-r1 \|\| =1.1.29-r2 \|\| =1.1.29-r3 \|\| =1.1.30-r0 \|\| =1.1.31-r0 \|\| =1.1.32-r0 \|\| =1.1.33-r0 \|\| =1.1.33-r1 \|\| >=0 <1.1.34-r0	1.1.34-r0

1-10 of 25

Aliases

1. CVE-2019-131172. NVD-2019-131173. OSV-DEBIAN-2019-131174. OSV-2019-131175. OSV-ALPINE-2019-131176. GCVE-2019-131177. SECURITY-TRACKER-CVE-2019-131178. SECURITY-CVE-2019-131179. lists.debian.org

References

1. https://github.com/sparklemotion/nokogiri/issues/19432. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=144713. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml4. https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb15. https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E6. https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E7. https://lists.fedoraproject.org/archives/list/[email protected]/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ8. https://oss-fuzz.com/testcase-detail/56317397471068169. https://security.netapp.com/advisory/ntap-20190806-000410. https://security.netapp.com/advisory/ntap-20200122-000311. https://usn.ubuntu.com/4164-112. https://www.oracle.com/security-alerts/cpujan2020.html13. http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html14. http://www.openwall.com/lists/oss-security/2019/11/17/2