CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Details Source

Mitre

Statement

This issue affects the versions of the libxslt package as shipped with Red Hat
Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this
issue as having low security impact; a future update may address this flaw.

Public Date

2011-02-22 00:00:00

Impact

Low

Bugzilla

CVE-2011-1202 libxslt: Heap address leak in XLST

Bugzilla ID

684386

CVSS Status

verified

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:P/I:N/A:N

IAVA

2013-A-0031

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2011:0471 | 2011-04-29 |
| Red Hat Enterprise Linux 6 (libxslt) | RHSA-2012:1265 | 2012-09-13 |
| Red Hat Enterprise Linux 5 | RHSA-2011:0471 | 2011-04-29 |
| Red Hat Enterprise Linux 5 (libxslt) | RHSA-2012:1265 | 2012-09-13 |
| Red Hat Enterprise Linux 6 | RHSA-2011:0471 | 2011-04-29 |

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 4 | libxslt | Will not fix |