[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-6139Date: (C)2013-12-05   (M)2023-12-22


libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1028338
SECUNIA-52745
SECUNIA-52805
SECUNIA-52813
SECUNIA-52884
DSA-2654
FEDORA-2013-4507
MDVSA-2013:141
SUSE-SU-2013:1654
SUSE-SU-2013:1656
USN-1784-1
http://xmlsoft.org/XSLT/news.html
https://bugzilla.gnome.org/show_bug.cgi?id=685328
https://bugzilla.gnome.org/show_bug.cgi?id=685330
https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
openSUSE-SU-2013:0585
openSUSE-SU-2013:0593

CPE    81
cpe:/a:xmlsoft:libxslt:1.1.16
cpe:/a:xmlsoft:libxslt:1.1.17
cpe:/a:xmlsoft:libxslt:1.1.18
cpe:/a:xmlsoft:libxslt:1.1.19
...
OVAL    5
oval:org.secpod.oval:def:104846
oval:org.secpod.oval:def:20970
oval:org.secpod.oval:def:601003
oval:org.secpod.oval:def:1300181
...

© SecPod Technologies