Source: Ubuntu.com (ubuntucve)
ID: UB:CVE-2012-6139
Published: Mar 26, 2013 - 12:00 a.m.

CVE-2012-6139


CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.143 Low (Percentile: 95.7%)

libxslt before 1.1.28 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via (1) an empty match attribute in an
XSL key to the xsltAddKey function in keys.c or (2) an uninitialized variable
to the xsltDocumentFunction function in functions.c.

Notes

Author: jdstrand
Note: could reproduce 685328 on all releases but not 685330. PoCs in bugs (be sure to use ‘Save As’ in your browser when downloading PoCs)

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | libxslt | < 1.1.22-1ubuntu1.4 | UNKNOWN |
| ubuntu | 10.04 | noarch | libxslt | < 1.1.26-1ubuntu1.2 | UNKNOWN |
| ubuntu | 11.10 | noarch | libxslt | < 1.1.26-7ubuntu0.2 | UNKNOWN |
| ubuntu | 12.04 | noarch | libxslt | < 1.1.26-8ubuntu1.3 | UNKNOWN |
| ubuntu | 12.10 | noarch | libxslt | < 1.1.26-14ubuntu0.1 | UNKNOWN |
