Fluid Attacks Database

Description

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libxslt	>=0 <1.1.26-7	1.1.26-7
debian 11	libxslt	>=0 <1.1.26-7	1.1.26-7
debian 14	libxslt	>=0 <1.1.26-7	1.1.26-7
rpm rhel6	libxslt	<0:1.1.26-2.el6_3.1	0:1.1.26-2.el6_3.1
debian 13	libxslt	>=0 <1.1.26-7	1.1.26-7
rpm rhel5	xulrunner	<0:1.9.2.17-3.el5_6	0:1.9.2.17-3.el5_6
rpm rhel5	firefox	<0:3.6.17-1.el5_6	0:3.6.17-1.el5_6
rpm rhel6	xulrunner	<0:1.9.2.17-4.el6_0	0:1.9.2.17-4.el6_0
rpm rhel6	firefox	<0:3.6.17-1.el6_0	0:3.6.17-1.el6_0
rpm rhel5	libxslt	<0:1.1.17-4.el5_8.3	0:1.1.17-4.el5_8.3

1-10 of 11

Aliases

1. CVE-2011-12022. NVD-2011-12023. OSV-DEBIAN-2011-12024. OSV-2011-12025. SECURITY-TRACKER-CVE-2011-1202

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.