libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities

2013-03-25 / 2013-03-26

Credit: Agostino Sarubbo

Risk: Medium

Local: Yes

Remote: Yes

CVE: CVE-2012-6139

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

From the secunia advisory: https://secunia.com/advisories/52805/

1) An error within the "xsltDocumentFunction()" function (libxslt/functions.c) 
when parsing XSL templates can be exploited to cause a crash.

Commit code:
http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833


2) A NULL-pointer dereference error within the "xsltAddKey()" function 
(libxslt/keys.c) when parsing XSL keys can be exploited to cause a crash.

Commit code:
http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d



Both issue are fixed in the version 1.1.28
-- 
Agostino Sarubbo
Gentoo Linux Developer

References:

http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833

http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d

https://secunia.com/advisories/52805/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.