ID CVE-2012-6139
Summary libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
References
Vulnerable Configurations
  • XMLSoft libxslt 0.0.1
    cpe:2.3:a:xmlsoft:libxslt:0.0.1
  • XMLSoft libxslt 0.1.0
    cpe:2.3:a:xmlsoft:libxslt:0.1.0
  • XMLSoft libxslt 0.2.0
    cpe:2.3:a:xmlsoft:libxslt:0.2.0
  • XMLSoft libxslt 0.3.0
    cpe:2.3:a:xmlsoft:libxslt:0.3.0
  • XMLSoft libxslt 0.4.0
    cpe:2.3:a:xmlsoft:libxslt:0.4.0
  • XMLSoft libxslt 0.5.0
    cpe:2.3:a:xmlsoft:libxslt:0.5.0
  • XMLSoft libxslt 0.6.0
    cpe:2.3:a:xmlsoft:libxslt:0.6.0
  • XMLSoft libxslt 0.7.0
    cpe:2.3:a:xmlsoft:libxslt:0.7.0
  • XMLSoft libxslt 0.8.0
    cpe:2.3:a:xmlsoft:libxslt:0.8.0
  • XMLSoft libxslt 0.9.0
    cpe:2.3:a:xmlsoft:libxslt:0.9.0
  • XMLSoft libxslt 0.10.0
    cpe:2.3:a:xmlsoft:libxslt:0.10.0
  • XMLSoft libxslt 0.11.0
    cpe:2.3:a:xmlsoft:libxslt:0.11.0
  • XMLSoft libxslt 0.12.0
    cpe:2.3:a:xmlsoft:libxslt:0.12.0
  • XMLSoft libxslt 0.13.0
    cpe:2.3:a:xmlsoft:libxslt:0.13.0
  • XMLSoft libxslt 0.14.0
    cpe:2.3:a:xmlsoft:libxslt:0.14.0
  • XMLSoft libxslt 1.0.0
    cpe:2.3:a:xmlsoft:libxslt:1.0.0
  • XMLSoft libxslt 1.0.1
    cpe:2.3:a:xmlsoft:libxslt:1.0.1
  • XMLSoft libxslt 1.0.2
    cpe:2.3:a:xmlsoft:libxslt:1.0.2
  • XMLSoft libxslt 1.0.3
    cpe:2.3:a:xmlsoft:libxslt:1.0.3
  • XMLSoft libxslt 1.0.4
    cpe:2.3:a:xmlsoft:libxslt:1.0.4
  • XMLSoft libxslt 1.0.5
    cpe:2.3:a:xmlsoft:libxslt:1.0.5
  • XMLSoft libxslt 1.0.6
    cpe:2.3:a:xmlsoft:libxslt:1.0.6
  • XMLSoft libxslt 1.0.7
    cpe:2.3:a:xmlsoft:libxslt:1.0.7
  • XMLSoft libxslt 1.0.8
    cpe:2.3:a:xmlsoft:libxslt:1.0.8
  • XMLSoft libxslt 1.0.9
    cpe:2.3:a:xmlsoft:libxslt:1.0.9
  • XMLSoft libxslt 1.0.10
    cpe:2.3:a:xmlsoft:libxslt:1.0.10
  • XMLSoft libxslt 1.0.11
    cpe:2.3:a:xmlsoft:libxslt:1.0.11
  • XMLSoft libxslt 1.0.12
    cpe:2.3:a:xmlsoft:libxslt:1.0.12
  • XMLSoft libxslt 1.0.13
    cpe:2.3:a:xmlsoft:libxslt:1.0.13
  • XMLSoft libxslt 1.0.14
    cpe:2.3:a:xmlsoft:libxslt:1.0.14
  • XMLSoft libxslt 1.0.15
    cpe:2.3:a:xmlsoft:libxslt:1.0.15
  • XMLSoft libxslt 1.0.16
    cpe:2.3:a:xmlsoft:libxslt:1.0.16
  • XMLSoft libxslt 1.0.17
    cpe:2.3:a:xmlsoft:libxslt:1.0.17
  • XMLSoft libxslt 1.0.18
    cpe:2.3:a:xmlsoft:libxslt:1.0.18
  • XMLSoft libxslt 1.0.19
    cpe:2.3:a:xmlsoft:libxslt:1.0.19
  • XMLSoft libxslt 1.0.20
    cpe:2.3:a:xmlsoft:libxslt:1.0.20
  • XMLSoft libxslt 1.0.21
    cpe:2.3:a:xmlsoft:libxslt:1.0.21
  • XMLSoft libxslt 1.0.22
    cpe:2.3:a:xmlsoft:libxslt:1.0.22
  • XMLSoft libxslt 1.0.23
    cpe:2.3:a:xmlsoft:libxslt:1.0.23
  • XMLSoft libxslt 1.0.24
    cpe:2.3:a:xmlsoft:libxslt:1.0.24
  • XMLSoft libxslt 1.0.25
    cpe:2.3:a:xmlsoft:libxslt:1.0.25
  • XMLSoft libxslt 1.0.26
    cpe:2.3:a:xmlsoft:libxslt:1.0.26
  • XMLSoft libxslt 1.0.27
    cpe:2.3:a:xmlsoft:libxslt:1.0.27
  • XMLSoft libxslt 1.0.28
    cpe:2.3:a:xmlsoft:libxslt:1.0.28
  • XMLSoft libxslt 1.0.29
    cpe:2.3:a:xmlsoft:libxslt:1.0.29
  • XMLSoft libxslt 1.0.30
    cpe:2.3:a:xmlsoft:libxslt:1.0.30
  • XMLSoft libxslt 1.0.31
    cpe:2.3:a:xmlsoft:libxslt:1.0.31
  • XMLSoft libxslt 1.0.32
    cpe:2.3:a:xmlsoft:libxslt:1.0.32
  • XMLSoft libxslt 1.0.33
    cpe:2.3:a:xmlsoft:libxslt:1.0.33
  • XMLSoft libxslt 1.1.0
    cpe:2.3:a:xmlsoft:libxslt:1.1.0
  • XMLSoft libxslt 1.1.1
    cpe:2.3:a:xmlsoft:libxslt:1.1.1
  • XMLSoft libxslt 1.1.2
    cpe:2.3:a:xmlsoft:libxslt:1.1.2
  • XMLSoft libxslt 1.1.3
    cpe:2.3:a:xmlsoft:libxslt:1.1.3
  • XMLSoft libxslt 1.1.4
    cpe:2.3:a:xmlsoft:libxslt:1.1.4
  • XMLSoft libxslt 1.1.5
    cpe:2.3:a:xmlsoft:libxslt:1.1.5
  • XMLSoft libxslt 1.1.6
    cpe:2.3:a:xmlsoft:libxslt:1.1.6
  • XMLSoft libxslt 1.1.7
    cpe:2.3:a:xmlsoft:libxslt:1.1.7
  • XMLSoft libxslt 1.1.8
    cpe:2.3:a:xmlsoft:libxslt:1.1.8
  • XMLSoft libxslt 1.1.9
    cpe:2.3:a:xmlsoft:libxslt:1.1.9
  • XMLSoft libxslt 1.1.10
    cpe:2.3:a:xmlsoft:libxslt:1.1.10
  • XMLSoft libxslt 1.1.11
    cpe:2.3:a:xmlsoft:libxslt:1.1.11
  • XMLSoft libxslt 1.1.12
    cpe:2.3:a:xmlsoft:libxslt:1.1.12
  • XMLSoft libxslt 1.1.13
    cpe:2.3:a:xmlsoft:libxslt:1.1.13
  • XMLSoft libxslt 1.1.14
    cpe:2.3:a:xmlsoft:libxslt:1.1.14
  • XMLSoft libxslt 1.1.15
    cpe:2.3:a:xmlsoft:libxslt:1.1.15
  • XMLSoft libxslt 1.1.16
    cpe:2.3:a:xmlsoft:libxslt:1.1.16
  • XMLSoft libxslt 1.1.17
    cpe:2.3:a:xmlsoft:libxslt:1.1.17
  • XMLSoft libxslt 1.1.18
    cpe:2.3:a:xmlsoft:libxslt:1.1.18
  • XMLSoft libxslt 1.1.19
    cpe:2.3:a:xmlsoft:libxslt:1.1.19
  • XMLSoft libxslt 1.1.20
    cpe:2.3:a:xmlsoft:libxslt:1.1.20
  • XMLSoft libxslt 1.1.21
    cpe:2.3:a:xmlsoft:libxslt:1.1.21
  • XMLSoft libxslt 1.1.22
    cpe:2.3:a:xmlsoft:libxslt:1.1.22
  • XMLSoft libxslt 1.1.23
    cpe:2.3:a:xmlsoft:libxslt:1.1.23
  • XMLSoft libxslt 1.1.24
    cpe:2.3:a:xmlsoft:libxslt:1.1.24
  • XMLSoft libxslt 1.1.25
    cpe:2.3:a:xmlsoft:libxslt:1.1.25
  • XMLSoft libxslt 1.1.26
    cpe:2.3:a:xmlsoft:libxslt:1.1.26
  • XMLSoft libxslt 1.1.27
    cpe:2.3:a:xmlsoft:libxslt:1.1.27
  • OpenSUSE 11.4
    cpe:2.3:o:opensuse:opensuse:11.4
  • OpenSUSE 12.1
    cpe:2.3:o:opensuse:opensuse:12.1
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
  • OpenSUSE 12.3
    cpe:2.3:o:opensuse:opensuse:12.3
CVSS
Base: 5.0 (as of 15-04-2013 - 09:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2654.NASL
    description Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted XSL stylesheets.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65793
    published 2013-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65793
    title Debian DSA-2654-1 : libxslt - denial of service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXSLT-8534.NASL
    description libxslt has been updated to fix two denial of service issues via crashes by NULL pointer dereference on attacker supplied XSLT scripts. (CVE-2012-6139)
    last seen 2019-02-21
    modified 2013-05-01
    plugin id 66290
    published 2013-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66290
    title SuSE 10 Security Update : libxslt (ZYPP Patch Number 8534)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-141.NASL
    description Updated libxslt packages fix security vulnerability : Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service (CVE-2012-6139).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 66153
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66153
    title Mandriva Linux Security Advisory : libxslt (MDVSA-2013:141)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-4507.NASL
    description Update to libxslt-1.1.28 to fix CVE-2012-6139 where the library could crash on invalid key references in stylesheets Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 66005
    published 2013-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66005
    title Fedora 18 : libxslt-1.1.28-1.fc18 (2013-4507)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-289.NASL
    description Two denial of service problems (crashes with NULL pointer derference) were fixed in libxslt, which could potentially be used by remote attackers to crash libxslt using programs.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74951
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74951
    title openSUSE Security Update : libxslt (openSUSE-SU-2013:0585-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBXSLT-130327.NASL
    description libxslt has been updated to fix two denial of service issues via crashes by NULL pointer dereference on attacker supplied XSLT scripts. (CVE-2012-6139)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 66288
    published 2013-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66288
    title SuSE 11.2 Security Update : libxslt (SAT Patch Number 7569)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service) Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139). A double-free error exists in templates.c (CVE-2012-2893). A NULL pointer dereference in keys.c (CVE-2012-6139). An error in handling stylesheets containing DTDs (CVE-2013-4520). Impact : A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71907
    published 2014-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71907
    title GLSA-201401-07 : libxslt: Denial of Service
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBXSLT_20140114.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. (CVE-2012-6139)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80694
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80694
    title Oracle Solaris Third-Party Patch Update : libxslt (cve_2012_5581_denial_of1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1784-1.NASL
    description Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 65786
    published 2013-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65786
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxslt vulnerability (USN-1784-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBXSLT-131106.NASL
    description libxslt received a security update to fix a security issue : - The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825). (CVE-2013-4520)
    last seen 2019-02-21
    modified 2013-11-12
    plugin id 70843
    published 2013-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70843
    title SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501)
refmap via4
confirm
debian DSA-2654
fedora FEDORA-2013-4507
mandriva MDVSA-2013:141
sectrack 1028338
secunia
  • 52745
  • 52805
  • 52813
  • 52884
suse
  • SUSE-SU-2013:1654
  • SUSE-SU-2013:1656
  • openSUSE-SU-2013:0585
  • openSUSE-SU-2013:0593
ubuntu USN-1784-1
Last major update 06-02-2014 - 23:44
Published 12-04-2013 - 18:55
Last modified 30-10-2018 - 12:27
Back to Top