Lucene search

[email protected]NVD:CVE-2013-4520

HistoryDec 14, 2013 - 8:55 p.m.

CVE-2013-4520

2013-12-1420:55:03

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.7%

JSON

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

Affected configurations

NVD

Node

xmlsoftlibxsltRange≤1.1.24

xmlsoftlibxsltMatch0.0.1

xmlsoftlibxsltMatch0.1.0

xmlsoftlibxsltMatch0.2.0

xmlsoftlibxsltMatch0.3.0

xmlsoftlibxsltMatch0.4.0

xmlsoftlibxsltMatch0.5.0

xmlsoftlibxsltMatch0.6.0

xmlsoftlibxsltMatch0.7.0

xmlsoftlibxsltMatch0.8.0

xmlsoftlibxsltMatch0.9.0

xmlsoftlibxsltMatch0.10.0

xmlsoftlibxsltMatch0.11.0

xmlsoftlibxsltMatch0.12.0

xmlsoftlibxsltMatch0.13.0

xmlsoftlibxsltMatch0.14.0

xmlsoftlibxsltMatch1.0.0

xmlsoftlibxsltMatch1.0.1

xmlsoftlibxsltMatch1.0.2

xmlsoftlibxsltMatch1.0.3

xmlsoftlibxsltMatch1.0.4

xmlsoftlibxsltMatch1.0.5

xmlsoftlibxsltMatch1.0.6

xmlsoftlibxsltMatch1.0.7

xmlsoftlibxsltMatch1.0.8

xmlsoftlibxsltMatch1.0.9

xmlsoftlibxsltMatch1.0.10

xmlsoftlibxsltMatch1.0.11

xmlsoftlibxsltMatch1.0.12

xmlsoftlibxsltMatch1.0.13

xmlsoftlibxsltMatch1.0.14

xmlsoftlibxsltMatch1.0.15

xmlsoftlibxsltMatch1.0.16

xmlsoftlibxsltMatch1.0.17

xmlsoftlibxsltMatch1.0.18

xmlsoftlibxsltMatch1.0.19

xmlsoftlibxsltMatch1.0.20

xmlsoftlibxsltMatch1.0.21

xmlsoftlibxsltMatch1.0.22

xmlsoftlibxsltMatch1.0.23

xmlsoftlibxsltMatch1.0.24

xmlsoftlibxsltMatch1.0.25

xmlsoftlibxsltMatch1.0.26

xmlsoftlibxsltMatch1.0.27

xmlsoftlibxsltMatch1.0.28

xmlsoftlibxsltMatch1.0.29

xmlsoftlibxsltMatch1.0.30

xmlsoftlibxsltMatch1.0.31

xmlsoftlibxsltMatch1.0.32

xmlsoftlibxsltMatch1.0.33

xmlsoftlibxsltMatch1.1.0

xmlsoftlibxsltMatch1.1.1

xmlsoftlibxsltMatch1.1.2

xmlsoftlibxsltMatch1.1.3

xmlsoftlibxsltMatch1.1.4

xmlsoftlibxsltMatch1.1.5

xmlsoftlibxsltMatch1.1.6

xmlsoftlibxsltMatch1.1.7

xmlsoftlibxsltMatch1.1.8

xmlsoftlibxsltMatch1.1.9

xmlsoftlibxsltMatch1.1.10

xmlsoftlibxsltMatch1.1.11

xmlsoftlibxsltMatch1.1.12

xmlsoftlibxsltMatch1.1.13

xmlsoftlibxsltMatch1.1.14

xmlsoftlibxsltMatch1.1.15

xmlsoftlibxsltMatch1.1.16

xmlsoftlibxsltMatch1.1.17

xmlsoftlibxsltMatch1.1.18

xmlsoftlibxsltMatch1.1.19

xmlsoftlibxsltMatch1.1.20

xmlsoftlibxsltMatch1.1.21

xmlsoftlibxsltMatch1.1.22

xmlsoftlibxsltMatch1.1.23

References

seclists.org/oss-sec/2013/q4/238

seclists.org/oss-sec/2013/q4/239

secunia.com/advisories/56072

www.osvdb.org/99671

bugzilla.novell.com/show_bug.cgi?id=849019

gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa

www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html

www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.7%

JSON

Related for NVD:CVE-2013-4520

debiancve2 ubuntucve2 securityvulns12 cve2 prion2 cvelist2 nessus33 openvas31 nvd1 thn1 android1 gentoo2 ibm1 fedora3 oraclelinux1 amazon1 veracode5 centos1 redhat2 ubuntu1 vmware2 chrome1 kitploit1 tenable1