Описание
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.
Отчет
This use-after-free vulnerability in libxslt marked as Important rather than a Moderate flaw, due to its potential to enable arbitrary code execution or cause denial-of-service conditions. The vulnerability arises from mishandled memory in the exclPrefixTab table, which references freed namespace URLs during stylesheet processing. When an included stylesheet has xsl:text as the root and is deleted, the associated namespace URLs remain referenced in exclPrefixTab despite being freed, leading to a classic use-after-free condition. Since libxslt is a core XML transformation library frequently used in complex server-side applications (e.g., web frameworks, document rendering), an attacker can craft malicious XSLT stylesheets to exploit this flaw, potentially gaining remote code execution within the application's process.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libxslt | Out of support scope | ||
| Red Hat Enterprise Linux 10 | libxslt | Fixed | RHSA-2025:7496 | 13.05.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libxslt | Fixed | RHSA-2025:4098 | 23.04.2025 |
| Red Hat Enterprise Linux 8 | libxslt | Fixed | RHSA-2025:3615 | 07.04.2025 |
| Red Hat Enterprise Linux 8 | libxslt | Fixed | RHSA-2025:3615 | 07.04.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libxslt | Fixed | RHSA-2025:3619 | 07.04.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libxslt | Fixed | RHSA-2025:3626 | 07.04.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libxslt | Fixed | RHSA-2025:3626 | 07.04.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libxslt | Fixed | RHSA-2025:3626 | 07.04.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libxslt | Fixed | RHSA-2025:3625 | 07.04.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free i ...
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
EPSS
7.8 High
CVSS3