Description
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Report
RH ProdSec scores this vulnerability as "Low" due to complex prerequisites for successful exploitation.
- The attacker must be able to supply an XSLT file to a system that automatically processes it using libxslt.
- An xsl:number element must be present with a malformed format string designed to cause an uninitialized read in xsltNumberFormatInsertNumbers.
- While successful exploitation will force libxslt to process memory content as if it were a format string, the attacker cannot directly control memory contents but can observe differences in output to infer values.
- This issue affects the version of libxslt as shipped with Red Hat Gluster Storage 3, as it includes the affected code that allows the uninitialized read.
- Red Hat OpenStack Platform versions 9, 10, 13, & 14 are marked WONTFIX as they will inherit fixes from the underlying RHEL layer.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libxslt | Out of support scope | | |
| Red Hat Enterprise Linux 6 | libxslt | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libxslt | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libxslt | Fix deferred | | |
| Red Hat OpenStack Platform 10 (Newton) | libxslt | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | libxslt | Will not fix | | |
| Red Hat OpenStack Platform 14 (Rocky) | libxslt | Will not fix | | |
| Red Hat OpenStack Platform 9 (Mitaka) | libxslt | Will not fix | | |
| Red Hat Storage 3 | libxslt | Affected | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
Vulnerability in the xsltNumberFormatInsertNumbers function of the libxslt library that allows an attacker to gain unauthorized access to protected information
5.3 Medium
CVSS3