製品・ソフトウェアに関する情報

JVN脆弱性詳細

libxslt におけるサービス運用妨害 (DoS) の脆弱性

Title	libxslt におけるサービス運用妨害 (DoS) の脆弱性
Summary	libxslt には、サービス運用妨害 (NULL ポインタデリファレンスおよびクラッシュ) 状態にされる脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-476: NULL Pointer Dereference (NULL ポインタデリファレンス) と識別されています。 http://cwe.mitre.org/data/definitions/476.html
Possible impacts	第三者により、下記の項目を介して、サービス運用妨害 (NULL ポインタデリファレンスおよびクラッシュ) 状態にされる可能性があります。 (1) keys.c 内の xsltAddKey 関数の XSL キーの空の match 属性 (2) functions.c 内の xsltDocumentFunction 関数の未初期化変数
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 21, 2012, midnight
Registration Date	April 16, 2013, 1:40 p.m.
Last Update	Oct. 24, 2013, 5:32 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

Novell

openSUSE 11.4

openSUSE 12.1

openSUSE 12.2

openSUSE 12.3

xmlsoft.org

libxslt 1.1.28 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-6139	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
National Vulnerability Database (NVD)
2	CVE-2012-6139	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6139
SECURITY BLOG
3	CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT	https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-2654	http://www.debian.org/security/2013/dsa-2654
GNOME
2	Crash when passing an uninitialized variable to document()	https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
3	Fix crash with empty xsl:key/@match attribute	https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
GNOME Bugzilla
4	Bug 685328	https://bugzilla.gnome.org/show_bug.cgi?id=685328
5	Bug 685330	https://bugzilla.gnome.org/show_bug.cgi?id=685330
opensuse-updates
6	openSUSE-SU-2013:0585	http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
7	openSUSE-SU-2013:0593	http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
Ubuntu Security Notice
8	USN-1784-1	http://www.ubuntu.com/usn/USN-1784-1/
xmlsoft.org
9	News	http://xmlsoft.org/XSLT/news.html

Change Log

No	Changed Details	Date of change
0	[2013年04月16日] 掲載 [2013年10月24日] ベンダ情報：オラクル (CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-6139

Summary	libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
Publication Date	April 13, 2013, 7:55 a.m.
Registration Date	Jan. 28, 2021, 3:07 p.m.
Last Update	Nov. 21, 2024, 10:45 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxslt:1.1.11:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.19:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.27:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.11:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.8:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.15:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.6.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.23:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.2:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.9:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.19:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.5:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.1:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.23:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.14:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.31:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.24:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.8:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.5.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.30:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.14.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.26:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.4.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.14:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.10.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.18:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.24:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.7.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.26:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.3:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.17:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.16:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.10:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.21:::::::*
cpe:2.3:a:xmlsoft:libxslt::::::::		1.1.27
cpe:2.3:a:xmlsoft:libxslt:1.0.6:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.32:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.29:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.21:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.1:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.5:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.13.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.15:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.18:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.13:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.12:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.0.1:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.25:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.6:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.20:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.12.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.7:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.20:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.25:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.2.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.22:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.8.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.9.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.3:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.11.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.4:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.7:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.16:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.9:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.28:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.10:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.12:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.1.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.22:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.3.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.2:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.13:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.33:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.4:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.17:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:12.3:::::::*
cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:opensuse:opensuse:12.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
3	http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
4	http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
5	http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
6	http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
7	http://secunia.com/advisories/52745	Vendor Advisory
8	http://secunia.com/advisories/52745	Vendor Advisory
9	http://secunia.com/advisories/52805	Vendor Advisory
10	http://secunia.com/advisories/52805	Vendor Advisory
11	http://secunia.com/advisories/52813	Vendor Advisory
12	http://secunia.com/advisories/52813	Vendor Advisory
13	http://secunia.com/advisories/52884	Vendor Advisory
14	http://secunia.com/advisories/52884	Vendor Advisory
15	http://www.debian.org/security/2013/dsa-2654
16	http://www.debian.org/security/2013/dsa-2654
17	http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
18	http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
19	http://www.securitytracker.com/id/1028338
20	http://www.securitytracker.com/id/1028338
21	http://www.ubuntu.com/usn/USN-1784-1
22	http://www.ubuntu.com/usn/USN-1784-1
23	http://xmlsoft.org/XSLT/news.html
24	http://xmlsoft.org/XSLT/news.html
25	https://bugzilla.gnome.org/show_bug.cgi?id=685328	Exploit Patch
26	https://bugzilla.gnome.org/show_bug.cgi?id=685328	Exploit Patch
27	https://bugzilla.gnome.org/show_bug.cgi?id=685330	Patch
28	https://bugzilla.gnome.org/show_bug.cgi?id=685330	Patch
29	https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833	Patch
30	https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833	Patch
31	https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d	Exploit Patch
32	https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d	Exploit Patch
33	https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
34	https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
35	https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
36	https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
37	https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
38	https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxslt:1.1.11:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.19:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.27:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.11:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.8:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.15:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.6.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.23:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.2:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.9:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.19:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.5:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.1:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.23:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.14:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.31:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.24:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.8:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.5.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.30:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.14.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.26:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.4.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.14:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.10.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.18:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.24:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.7.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.26:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.3:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.17:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.16:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.10:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.21:::::::*
cpe:2.3:a:xmlsoft:libxslt::::::::		1.1.27
cpe:2.3:a:xmlsoft:libxslt:1.0.6:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.32:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.29:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.21:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.1:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.5:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.13.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.15:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.18:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.13:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.12:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.0.1:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.25:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.6:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.20:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.12.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.7:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.20:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.25:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.2.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.22:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.8.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.9.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.3:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.11.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.4:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.7:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.16:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.9:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.28:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.10:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.12:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.1.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.22:::::::*
cpe:2.3:a:xmlsoft:libxslt:0.3.0:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.2:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.13:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.33:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.0.4:::::::*
cpe:2.3:a:xmlsoft:libxslt:1.1.17:::::::*