CVE-2011-1202
libxslt: Heap address leak in XLST
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Vulnerabilidad no especificada en la implementación XSLT en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos obtener información sensible acerca de las direcciones de memoria en el montón mediante vectores desconocidos.
Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors. libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. The updated packages have been patched to correct these issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-03-03 CVE Reserved
- 2011-03-11 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://downloads.avaya.com/css/P8/documents/100144158 | Third Party Advisory | |
| http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html | Third Party Advisory | |
| http://www.securityfocus.com/bid/46785 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://code.google.com/p/chromium/issues/detail?id=73716 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f | 2020-06-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 10.0.648.127 Search vendor "Google" for product "Chrome" and version " < 10.0.648.127" | - |
Affected
| ||||||
| Xmlsoft Search vendor "Xmlsoft" | Libxslt Search vendor "Xmlsoft" for product "Libxslt" | <= 1.1.26 Search vendor "Xmlsoft" for product "Libxslt" and version " <= 1.1.26" | - |
Affected
| ||||||