Bug 1716448 (CVE-2016-4610) - CVE-2016-4610 libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()
Summary: CVE-2016-4610 libxslt: Invalid memory access leading to DoS at exsltDynMapFun...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-4610
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1716458 1716459 1718310 1725529
Blocks: 1714985
TreeView+ depends on / blocked
 
Reported: 2019-06-03 14:22 UTC by Dhananjay Arunesh
Modified: 2021-10-27 03:29 UTC (History)
15 users (show)

Fixed In Version: libxslt 1.1.29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-27 03:29:16 UTC
Embargoed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-06-03 14:22:48 UTC
libxslt allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors, a different
vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and
CVE-2016-4612.

Reference:
http://seclists.org/oss-sec/2017/q2/385

Comment 1 Dhananjay Arunesh 2019-06-03 14:34:46 UTC
Created libxslt tracking bugs for this issue:

Affects: fedora-all [bug 1716458]


Created mingw-libxslt tracking bugs for this issue:

Affects: fedora-all [bug 1716459]

Comment 3 Marco Benatto 2019-06-07 13:03:34 UTC
Upstream commit for this issue:
https://gitlab.gnome.org/GNOME/libxslt/commit/93bb314768aafaffad1df15bbee10b7c5423e283

Comment 7 Marco Benatto 2019-06-11 13:23:35 UTC
The exsltDynMapFunction() function from libxslt before version 1.1.29 doesn't handle namespace entries correctly.
As libxslt uses libxml2 for XML parsing, it should consider namespace entries as xmlNs objects but handles them as
a standard xmlNode instead. This error causes a invalid memory access within libxml2 when trying to apply a XSL stylesheet.
An attacker can leverage this by using a crafted XSL and XML files to cause DoS.

Comment 8 Marco Benatto 2019-06-12 15:06:21 UTC
Statement:

Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.

This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5, 6 and 7 and was rated as having Moderated security impact by the Red Hat Product Security.
An eventual update for Red Hat Enterprise Linux 7 may address this issue.

Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.


Note You need to log in before you can comment on or make changes to this bug.