Описание
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libxslt | fixed | 1.1.32-2.1 | package | |
| libxslt | fixed | 1.1.32-2.1~deb10u1 | buster | package |
| libxslt | fixed | 1.1.29-2.1+deb9u1 | stretch | package |
Примечания
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
https://oss-fuzz.com/testcase-detail/5197371471822848
EPSS
Связанные уязвимости
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
libxslt Type Confusion vulnerability that affects Nokogiri
Уязвимость функции xsltNumberFormatDecimal библиотеки libxslt, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS