Описание
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.1.29-5ubuntu0.2 |
| cosmic | ignored | end of life |
| devel | not-affected | |
| disco | released | 1.1.32-2ubuntu0.2 |
| eoan | not-affected | |
| esm-infra-legacy/trusty | released | 1.1.28-2ubuntu0.2+esm1 |
| esm-infra/bionic | released | 1.1.29-5ubuntu0.2 |
| esm-infra/xenial | released | 1.1.28-2.1ubuntu0.3 |
| precise/esm | not-affected | 1.1.26-8ubuntu1.6 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
In numbers.c in libxslt 1.1.33, an xsl:number with certain format stri ...
Уязвимость функции xsltNumberFormatInsertNumbers библиотеки libxslt, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3