Bug 2352484 (CVE-2024-55549) - CVE-2024-55549 libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)
Summary: CVE-2024-55549 libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)
Keywords:
Status: NEW
Alias: CVE-2024-55549
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2352513 2352515 2352516 2352519 2352522 2352514 2352517 2352518 2352520 2352521
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-14 02:01 UTC by OSIDB Bzimport
Modified: 2025-05-15 16:34 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:3672 0 None None None 2025-04-08 08:05:18 UTC
Red Hat Product Errata RHBA-2025:3760 0 None None None 2025-04-09 13:17:14 UTC
Red Hat Product Errata RHBA-2025:3784 0 None None None 2025-04-10 07:27:29 UTC
Red Hat Product Errata RHBA-2025:3785 0 None None None 2025-04-10 07:21:15 UTC
Red Hat Product Errata RHBA-2025:3796 0 None None None 2025-04-10 09:10:10 UTC
Red Hat Product Errata RHBA-2025:3830 0 None None None 2025-04-14 05:57:32 UTC
Red Hat Product Errata RHBA-2025:3950 0 None None None 2025-04-16 14:31:07 UTC
Red Hat Product Errata RHSA-2025:3612 0 None None None 2025-04-07 01:31:52 UTC
Red Hat Product Errata RHSA-2025:3613 0 None None None 2025-04-07 01:24:02 UTC
Red Hat Product Errata RHSA-2025:3614 0 None None None 2025-04-07 01:30:30 UTC
Red Hat Product Errata RHSA-2025:3615 0 None None None 2025-04-07 01:45:46 UTC
Red Hat Product Errata RHSA-2025:3619 0 None None None 2025-04-07 01:59:27 UTC
Red Hat Product Errata RHSA-2025:3624 0 None None None 2025-04-07 02:16:23 UTC
Red Hat Product Errata RHSA-2025:3625 0 None None None 2025-04-07 02:14:58 UTC
Red Hat Product Errata RHSA-2025:3626 0 None None None 2025-04-07 02:14:15 UTC
Red Hat Product Errata RHSA-2025:3627 0 None None None 2025-04-07 06:36:14 UTC
Red Hat Product Errata RHSA-2025:4025 0 None None None 2025-04-21 01:33:25 UTC
Red Hat Product Errata RHSA-2025:4098 0 None None None 2025-04-22 15:29:15 UTC
Red Hat Product Errata RHSA-2025:4422 0 None None None 2025-05-08 19:55:42 UTC
Red Hat Product Errata RHSA-2025:4427 0 None None None 2025-05-09 04:31:18 UTC
Red Hat Product Errata RHSA-2025:4431 0 None None None 2025-05-09 04:33:12 UTC
Red Hat Product Errata RHSA-2025:4677 0 None None None 2025-05-15 16:34:45 UTC
Red Hat Product Errata RHSA-2025:4731 0 None None None 2025-05-15 00:44:36 UTC
Red Hat Product Errata RHSA-2025:7410 0 None None None 2025-05-13 11:53:56 UTC
Red Hat Product Errata RHSA-2025:7496 0 None None None 2025-05-13 15:59:18 UTC

Description OSIDB Bzimport 2025-03-14 02:01:03 UTC 
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
Comment 3 errata-xmlrpc 2025-04-07 01:24:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3613 https://access.redhat.com/errata/RHSA-2025:3613
Comment 4 errata-xmlrpc 2025-04-07 01:30:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:3614 https://access.redhat.com/errata/RHSA-2025:3614
Comment 5 errata-xmlrpc 2025-04-07 01:31:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:3612 https://access.redhat.com/errata/RHSA-2025:3612
Comment 6 errata-xmlrpc 2025-04-07 01:45:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:3615 https://access.redhat.com/errata/RHSA-2025:3615
Comment 7 errata-xmlrpc 2025-04-07 01:59:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:3619 https://access.redhat.com/errata/RHSA-2025:3619
Comment 8 errata-xmlrpc 2025-04-07 02:14:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:3626 https://access.redhat.com/errata/RHSA-2025:3626
Comment 9 errata-xmlrpc 2025-04-07 02:14:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:3625 https://access.redhat.com/errata/RHSA-2025:3625
Comment 10 errata-xmlrpc 2025-04-07 02:16:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:3624 https://access.redhat.com/errata/RHSA-2025:3624
Comment 11 errata-xmlrpc 2025-04-07 06:36:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:3627 https://access.redhat.com/errata/RHSA-2025:3627
Comment 12 errata-xmlrpc 2025-04-21 01:33:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4025 https://access.redhat.com/errata/RHSA-2025:4025
Comment 13 errata-xmlrpc 2025-04-22 15:29:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:4098 https://access.redhat.com/errata/RHSA-2025:4098
Comment 14 Marc LAUTIER 2025-04-25 18:18:52 UTC 
Since applying this update on RHEL9 (libxslt-1.1.34-9.el9_5.2.x86_64), libxslt coredumps immediately upon reading an XSL excluding more than 2 namespaces (and issue an error when excluding 2).

To reproduce, run xsltproc command with the following XSL:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:fo="http://www.w3.org/1999/XSL/Format"
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        exclude-result-prefixes="xsl fo xs">
</xsl:stylesheet>

Output:
realloc failed !
Segmentation fault (core dumped)
Comment 15 Norman Sardella 2025-04-26 10:49:46 UTC 
I tried build the 6.14 kernel with libxslt-1.1.34-9.el9_5.2.x86_64 under RHEL 9
Hit realloc failures during build of kernel docs with xml

434570.676644] xsltproc[1425048]: segfault at 0 ip 00007f99c3842f4d sp 00007ffc939cb3b0 error 4 in libxslt.so.1.1.34[ef4d,7f99c383e000+2a000] likely on CPU 0 (core 0, socket 0)
[434570.678118] Code: ba 00 00 00 45 31 ed eb 17 0f 1f 40 00 8b 83 38 01 00 00 49 83 c5 01 44 39 e8 0f 8e 9e 00 00 00 48 8b 83 30 01 00 00 4c 89 e6 <4a> 8b 3c e8 e8 1a c8 ff ff 85 c0 74 d6 48 8b 44 24 08 48 89 ef ff
Comment 17 deckberg 2025-04-28 17:45:42 UTC 
We are having the same problem as Marc LAUTIER.  We had to roll back to libxslt-1.1.34-9.el9_5.1.x86_64 and it immediately fixed the issue.  We have several exclude-result-prefixes in our code and are getting a Segmentation fault (core dumped).
Comment 18 Marc LAUTIER 2025-04-28 19:42:26 UTC 
The rpm libxslt-1.1.34-9.el9_5.3.x86_64 that was made available earlier today fixes the issue for me.

Thanks for the quick fix.
Comment 19 errata-xmlrpc 2025-05-08 19:55:40 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:4422 https://access.redhat.com/errata/RHSA-2025:4422
Comment 20 errata-xmlrpc 2025-05-09 04:31:17 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:4427 https://access.redhat.com/errata/RHSA-2025:4427
Comment 21 errata-xmlrpc 2025-05-09 04:33:11 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:4431 https://access.redhat.com/errata/RHSA-2025:4431
Comment 22 errata-xmlrpc 2025-05-13 11:53:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7410 https://access.redhat.com/errata/RHSA-2025:7410
Comment 23 errata-xmlrpc 2025-05-13 15:59:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7496 https://access.redhat.com/errata/RHSA-2025:7496
Comment 24 errata-xmlrpc 2025-05-15 00:44:34 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:4731 https://access.redhat.com/errata/RHSA-2025:4731
Comment 25 errata-xmlrpc 2025-05-15 16:34:44 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:4677 https://access.redhat.com/errata/RHSA-2025:4677
Note You need to log in before you can comment on or make changes to this bug.