PT-2011-2944 · Libxslt+2
Chris Evans · Published 2011-03-11 · Updated 2024-12-12 · CVE-2011-1202
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
libxslt versions 1.1.26 and earlier
Description
The issue allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. This is related to the xsltGenerateIdFunction function in functions.c.
Recommendations
For libxslt versions 1.1.26 and earlier, consider updating to a version later than 1.1.26 to resolve the issue. As a temporary workaround, consider restricting the use of the generate-id XPath function in XML documents until a patch is available.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
Red Hat
Libxslt
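
One way to apply the temporary workaround from the Recommendations before a stylesheet reaches an unpatched libxslt, as an added example (not part of the advisory or of libxslt): a Python pre-filter that rejects stylesheets calling generate-id. The function names and the sample stylesheet are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XSL = "{http://www.w3.org/1999/XSL/Transform}"
# XPath permits whitespace between a function name and "(".
CALL = re.compile(r"generate-id\s*\(")
# These elements load further stylesheets that this scan never sees.
LOADERS = {XSL + "import", XSL + "include"}

# Constructed sample: one call in an attribute value template, one
# written with a character reference and a space before "(".
SAMPLE = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <a id="{generate-id()}"><xsl:value-of select="generate-&#105;d (.)"/></a>
  </xsl:template>
</xsl:stylesheet>"""


def find_generate_id(stylesheet_text):
    """Return (element_tag, attribute, value) for each finding.

    The parsed tree is scanned, not the raw text, so character
    references are already resolved when the pattern is applied.
    """
    root = ET.fromstring(stylesheet_text)
    findings = []
    for elem in root.iter():
        if elem.tag in LOADERS:
            findings.append((elem.tag, "href", elem.get("href", "")))
            continue
        # XPath lives in attributes (select, test, match, use, ...) and in
        # {attribute value templates}; checking every attribute is conservative.
        for name, value in elem.attrib.items():
            if CALL.search(value):
                findings.append((elem.tag, name, value))
    return findings


def is_allowed(stylesheet_text):
    """Policy: reject unparseable stylesheets and any with findings."""
    try:
        return not find_generate_id(stylesheet_text)
    except ET.ParseError:
        return False


if __name__ == "__main__":
    for tag, attr, value in find_generate_id(SAMPLE):
        print(f"{tag} @{attr}: {value}")
```

The scan covers only the stylesheet it is given, which is why imports and includes are reported as findings; updating libxslt remains the fix.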