Red Hat Customer Portal

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) an uninitialized variable to the xsltDocumentFunction function in functions.c.

Details Source

Mitre

Statement

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Public Date

2012-10-02 00:00:00

Impact

Low

Bugzilla

CVE-2012-6139 libxslt: two DoS issues fixed in 1.1.28

Bugzilla ID

927386

CVSS Status

draft

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | mingw32-libxslt | Will not fix
Red Hat Enterprise Linux 6 | libxslt | Will not fix
Red Hat Enterprise Linux 5 | libxslt | Will not fix