Описание
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.
Отчет
The use-after-free vulnerability in libxslt marked as a high severity rather than moderate due to its potential impact on system integrity and availability. This flaw arises during nested XPath evaluations where the context node can be modified without proper restoration, leading to use-after-free conditions. Exploitation of this vulnerability allows an attacker to execute arbitrary code, potentially causing significant disruptions or unauthorized actions within the affected system.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libxslt | Out of support scope | ||
| Red Hat Enterprise Linux 10 | libxslt | Fixed | RHSA-2025:7496 | 13.05.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libxslt | Fixed | RHSA-2025:4098 | 23.04.2025 |
| Red Hat Enterprise Linux 8 | libxslt | Fixed | RHSA-2025:3615 | 07.04.2025 |
| Red Hat Enterprise Linux 8 | libxslt | Fixed | RHSA-2025:3615 | 07.04.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libxslt | Fixed | RHSA-2025:3619 | 07.04.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libxslt | Fixed | RHSA-2025:3626 | 07.04.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libxslt | Fixed | RHSA-2025:3626 | 07.04.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libxslt | Fixed | RHSA-2025:3626 | 07.04.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libxslt | Fixed | RHSA-2025:3625 | 07.04.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
numbers.c in libxslt before 1.1.43 has a use-after-free because, in ne ...
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
EPSS
7.8 High
CVSS3