Lucene search

K
f5F5F5:K96300145
HistoryJan 31, 2020 - 12:00 a.m.

K96300145 : C Library (SQLite & libxslt) vulnerabilities CVE-2019-16168 CVE-2019-13117 CVE-2019-13118

2020-01-3100:00:00
my.f5.com
33

AI Score

7

Confidence

High

EPSS

0.008

Percentile

82.0%

Security Advisory Description

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a “severe division by zero in the query planner.”

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Impact

There is no impact; F5 products are not affected by this vulnerability.