CVE-2012-6139 in libxslt
Summary
by MITRE
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
Analysis
by VulDB Data Team • 01/02/2022
The vulnerability described in CVE-2012-6139 affects the libxslt library version 1.1.27 and earlier, representing a critical denial of service flaw that can be exploited remotely by attackers to crash applications relying on this XML transformation library. This vulnerability exists within the core processing functions of libxslt and specifically targets two distinct code paths that handle XSLT key operations and document function calls. The flaw manifests when processing malformed XSLT documents containing specific patterns that trigger improper memory handling within the library's internal functions.
The vulnerability has two distinct triggers that exercise different parts of the library's processing logic. The first targets the xsltAddKey function in keys.c, where an empty match attribute on an XSL key element causes a NULL pointer dereference during key processing: the function does not validate or initialize the match attribute before dereferencing it, so the process faults when it accesses memory at a NULL address. The second affects the xsltDocumentFunction function in functions.c, where an uninitialized variable leads to unpredictable behavior and eventually a crash when the function processes document references in XSLT transformations. Both flaws stem from inadequate input validation and missing variable initialization within the library's core processing functions.
The operational impact of CVE-2012-6139 extends beyond simple service disruption to potentially compromise entire application stacks that depend on libxslt for XML processing operations. Attackers can leverage this vulnerability to cause denial of service against web applications, content management systems, and other software platforms that utilize XSLT transformations for document processing or data rendering. The vulnerability affects any system processing untrusted XSLT content, making it particularly dangerous in web-facing applications where users can submit arbitrary XSLT documents. When exploited successfully, these flaws result in application crashes that can be repeatedly triggered to maintain service disruption, effectively creating a persistent denial of service condition that can impact availability for legitimate users.
This vulnerability aligns with CWE-476 which describes NULL pointer dereference conditions, and represents a classic example of improper input validation in library functions. From an attack perspective, the flaw maps to techniques described in the MITRE ATT&CK framework under the T1499.004 sub-technique for "Network Denial of Service" and potentially T1595.001 for "Network Scanning" when attackers probe for vulnerable systems. The vulnerability demonstrates poor defensive programming practices in that both attack vectors involve functions failing to properly initialize variables or validate input before processing, which violates fundamental security principles for robust software design. Organizations should prioritize patching affected systems and implementing proper input sanitization measures to prevent exploitation of this vulnerability.
Mitigation should focus on immediate patch deployment to libxslt version 1.1.28 or later, which contains the fixes for both code paths. Additionally, administrators should implement input validation controls at application boundaries so that untrusted XSLT content is not processed, particularly when it originates from user inputs or external sources. Network-level protections such as intrusion detection systems can be configured to monitor for patterns associated with exploitation attempts. Organizations should also consider sandboxing or containerization for applications that perform XSLT transformations, to limit the impact of a crash. Regular security assessments and vulnerability scanning should identify systems running vulnerable versions of libxslt, with particular attention to web applications and services that handle XML processing. The fix in the patched versions addresses both the NULL pointer dereference in xsltAddKey and the uninitialized variable in xsltDocumentFunction through proper input validation and memory initialization.
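The following is an added example of the application-boundary check described above; it is not code from VulDB or from the libxslt project. It assumes the application can obtain the libxslt version string from its binding or package metadata, and it adopts a deliberately coarse policy of refusing any untrusted stylesheet that carries either pattern this advisory names: an xsl:key whose match attribute is missing or empty, or any call to the document() function. It uses only the Python standard library, so it runs without libxslt installed and can be applied before a stylesheet ever reaches the transformation engine.

```python
# Added example (not VulDB's or libxslt's code): pre-flight checks for
# untrusted XSLT, covering the two code paths named in CVE-2012-6139.
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
FIXED_VERSION = (1, 1, 28)                  # first libxslt release with the fix
DOCUMENT_CALL = re.compile(r"\bdocument\s*\(")   # XPath document() function


def parse_version(version_string):
    """'1.1.28' -> (1, 1, 28); tolerates distro suffixes such as '1.1.28-2'."""
    core = version_string.strip().split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split(".")[:3])


def libxslt_is_fixed(version_string):
    """True when the reported libxslt version is 1.1.28 or later."""
    return parse_version(version_string) >= FIXED_VERSION


def find_stylesheet_problems(stylesheet_xml):
    """Return reasons to refuse an untrusted stylesheet; an empty list means clean."""
    try:
        root = ET.fromstring(stylesheet_xml)
    except ET.ParseError as err:
        # Malformed input is refused outright rather than handed to libxslt.
        return [f"not well-formed XML: {err}"]

    problems = []

    # Vector 1: xsl:key with a missing or empty match attribute (xsltAddKey).
    for key in root.iter(f"{{{XSL_NS}}}key"):
        name = key.get("name", "<unnamed>")
        match = key.get("match")
        if match is None:
            problems.append(f"xsl:key '{name}' has no match attribute")
        elif not match.strip():
            problems.append(f"xsl:key '{name}' has an empty match attribute")

    # Vector 2: any document() call (xsltDocumentFunction). This is a blanket
    # policy for untrusted input; the advisory does not narrow the trigger.
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if DOCUMENT_CALL.search(value):
                tag = elem.tag.split("}")[-1]
                problems.append(f"document() call in {tag}/@{attr}: {value!r}")

    return problems


def stylesheet_is_acceptable(stylesheet_xml):
    """Convenience gate for the transformation entry point."""
    return not find_stylesheet_problems(stylesheet_xml)


# Constructed sample stylesheets for demonstration (not from the advisory).
SAFE_STYLESHEET = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:key name="by-id" match="item" use="@id"/>
  <xsl:template match="/"><xsl:value-of select="key('by-id', 'a')"/></xsl:template>
</xsl:stylesheet>"""

EMPTY_MATCH_STYLESHEET = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:key name="broken" match="" use="@id"/>
  <xsl:template match="/"><xsl:value-of select="key('broken', 'a')"/></xsl:template>
</xsl:stylesheet>"""

DOCUMENT_STYLESHEET = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><xsl:value-of select="document('other.xml')/root"/></xsl:template>
</xsl:stylesheet>"""


if __name__ == "__main__":
    for label, sheet in [("safe", SAFE_STYLESHEET),
                         ("empty-match", EMPTY_MATCH_STYLESHEET),
                         ("document()", DOCUMENT_STYLESHEET)]:
        print(label, "->", find_stylesheet_problems(sheet) or "accepted")
    print("libxslt 1.1.27 fixed?", libxslt_is_fixed("1.1.27"))
```

The version gate is a belt-and-braces check: even once the library is patched, refusing stylesheets with empty key matches and document() calls from untrusted sources costs nothing and removes a class of input the application never needs to accept.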