Описание
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.1.29-5ubuntu0.2 |
| cosmic | ignored | end of life |
| devel | not-affected | |
| disco | released | 1.1.32-2ubuntu0.2 |
| eoan | not-affected | |
| esm-infra-legacy/trusty | released | 1.1.28-2ubuntu0.2+esm1 |
| esm-infra/bionic | released | 1.1.29-5ubuntu0.2 |
| esm-infra/xenial | released | 1.1.28-2.1ubuntu0.3 |
| precise/esm | not-affected | 1.1.26-8ubuntu1.6 |
| trusty | ignored | end of standard support |
Показывать по
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...
libxslt Type Confusion vulnerability that affects Nokogiri
Уязвимость функции xsltNumberFormatDecimal библиотеки libxslt, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
5 Medium
CVSS2
5.3 Medium
CVSS3