4.3

CVE-2013-4520

Exploit
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type.  NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxslt Version <= 1.1.24
XmlsoftLibxslt Version0.0.1
XmlsoftLibxslt Version0.1.0
XmlsoftLibxslt Version0.2.0
XmlsoftLibxslt Version0.3.0
XmlsoftLibxslt Version0.4.0
XmlsoftLibxslt Version0.5.0
XmlsoftLibxslt Version0.6.0
XmlsoftLibxslt Version0.7.0
XmlsoftLibxslt Version0.8.0
XmlsoftLibxslt Version0.9.0
XmlsoftLibxslt Version0.10.0
XmlsoftLibxslt Version0.11.0
XmlsoftLibxslt Version0.12.0
XmlsoftLibxslt Version0.13.0
XmlsoftLibxslt Version0.14.0
XmlsoftLibxslt Version1.0.0
XmlsoftLibxslt Version1.0.1
XmlsoftLibxslt Version1.0.2
XmlsoftLibxslt Version1.0.3
XmlsoftLibxslt Version1.0.4
XmlsoftLibxslt Version1.0.5
XmlsoftLibxslt Version1.0.6
XmlsoftLibxslt Version1.0.7
XmlsoftLibxslt Version1.0.8
XmlsoftLibxslt Version1.0.9
XmlsoftLibxslt Version1.0.10
XmlsoftLibxslt Version1.0.11
XmlsoftLibxslt Version1.0.12
XmlsoftLibxslt Version1.0.13
XmlsoftLibxslt Version1.0.14
XmlsoftLibxslt Version1.0.15
XmlsoftLibxslt Version1.0.16
XmlsoftLibxslt Version1.0.17
XmlsoftLibxslt Version1.0.18
XmlsoftLibxslt Version1.0.19
XmlsoftLibxslt Version1.0.20
XmlsoftLibxslt Version1.0.21
XmlsoftLibxslt Version1.0.22
XmlsoftLibxslt Version1.0.23
XmlsoftLibxslt Version1.0.24
XmlsoftLibxslt Version1.0.25
XmlsoftLibxslt Version1.0.26
XmlsoftLibxslt Version1.0.27
XmlsoftLibxslt Version1.0.28
XmlsoftLibxslt Version1.0.29
XmlsoftLibxslt Version1.0.30
XmlsoftLibxslt Version1.0.31
XmlsoftLibxslt Version1.0.32
XmlsoftLibxslt Version1.0.33
XmlsoftLibxslt Version1.1.0
XmlsoftLibxslt Version1.1.1
XmlsoftLibxslt Version1.1.2
XmlsoftLibxslt Version1.1.3
XmlsoftLibxslt Version1.1.4
XmlsoftLibxslt Version1.1.5
XmlsoftLibxslt Version1.1.6
XmlsoftLibxslt Version1.1.7
XmlsoftLibxslt Version1.1.8
XmlsoftLibxslt Version1.1.9
XmlsoftLibxslt Version1.1.10
XmlsoftLibxslt Version1.1.11
XmlsoftLibxslt Version1.1.12
XmlsoftLibxslt Version1.1.13
XmlsoftLibxslt Version1.1.14
XmlsoftLibxslt Version1.1.15
XmlsoftLibxslt Version1.1.16
XmlsoftLibxslt Version1.1.17
XmlsoftLibxslt Version1.1.18
XmlsoftLibxslt Version1.1.19
XmlsoftLibxslt Version1.1.20
XmlsoftLibxslt Version1.1.21
XmlsoftLibxslt Version1.1.22
XmlsoftLibxslt Version1.1.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
http://seclists.org/oss-sec/2013/q4/238
Patch
http://seclists.org/oss-sec/2013/q4/239
Patch
http://secunia.com/advisories/56072
Vendor Advisory
http://www.osvdb.org/99671
https://bugzilla.novell.com/show_bug.cgi?id=849019
Patch
Exploit
https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa
Patch
Exploit