MEDIUM 5.3
GHSA-4hm9-844j-jmxp
Uninitialized read in Nokogiri gem
Details
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-13117 [ADVISORY]
- https://github.com/sparklemotion/nokogiri/issues/1943 [WEB]
- https://www.oracle.com/security-alerts/cpujan2020.html [WEB]
- https://usn.ubuntu.com/4164-1 [WEB]
- https://security.netapp.com/advisory/ntap-20200122-0003 [WEB]
- https://security.netapp.com/advisory/ntap-20190806-0004 [WEB]
- https://oss-fuzz.com/testcase-detail/5631739747106816 [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ [WEB]
- https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html [WEB]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml [WEB]
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471 [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html [WEB]
- http://www.openwall.com/lists/oss-security/2019/11/17/2 [WEB]