CVE-2012-6139

medium

Description

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) an uninitialized variable to the xsltDocumentFunction function in functions.c.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html

http://secunia.com/advisories/52745

http://secunia.com/advisories/52805

http://secunia.com/advisories/52813

http://secunia.com/advisories/52884

http://www.debian.org/security/2013/dsa-2654

http://www.mandriva.com/security/advisories?name=MDVSA-2013:141

http://www.securitytracker.com/id/1028338

http://www.ubuntu.com/usn/USN-1784-1

http://xmlsoft.org/XSLT/news.html

https://bugzilla.gnome.org/show_bug.cgi?id=685328

https://bugzilla.gnome.org/show_bug.cgi?id=685330

https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833

https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107

https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html

https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

Details

Source: MITRE

Published: 2013-04-12

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:xmlsoft:libxslt:0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.20:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.24:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.26:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.27:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.28:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.29:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.30:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.31:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.32:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.0.33:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.25:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.26:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* versions up to 1.1.27 (inclusive)

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80694 | Oracle Solaris Third-Party Patch Update : libxslt (cve_2012_5581_denial_of1) | Nessus | Solaris Local Security Checks | medium |
| 74951 | openSUSE Security Update : libxslt (openSUSE-SU-2013:0585-1) | Nessus | SuSE Local Security Checks | medium |
| 71907 | GLSA-201401-07 : libxslt: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
| 70843 | SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501) | Nessus | SuSE Local Security Checks | medium |
| 66290 | SuSE 10 Security Update : libxslt (ZYPP Patch Number 8534) | Nessus | SuSE Local Security Checks | medium |
| 66288 | SuSE 11.2 Security Update : libxslt (SAT Patch Number 7569) | Nessus | SuSE Local Security Checks | medium |
| 66153 | Mandriva Linux Security Advisory : libxslt (MDVSA-2013:141) | Nessus | Mandriva Local Security Checks | medium |
| 66005 | Fedora 18 : libxslt-1.1.28-1.fc18 (2013-4507) | Nessus | Fedora Local Security Checks | medium |
| 65793 | Debian DSA-2654-1 : libxslt - denial of service | Nessus | Debian Local Security Checks | medium |
| 65786 | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxslt vulnerability (USN-1784-1) | Nessus | Ubuntu Local Security Checks | medium |