REDHAT-BUG-2379274: Use After Free
Use-After-Free vulnerability in libxslt caused by unsafe manipulation of the atype field in attribute nodes. The flaw occurs when xsltSetSourceNodeFlags() sets extra flag bits on xmlAttrPtr->atype, a field later used by libxml2 to check whether an attribute is an XML ID. This corruption can cause libxml2 to skip cleanup steps like xmlRemoveID() during memory deallocation. As a result, ID table entries may point to freed memory, and later calls to xmlFreeID() will dereference these dangling pointers, triggering a use-after-free. This vulnerability is exploitable through crafted XSLT using the key() function and result tree fragments, and may result in denial-of-service or memory corruption.
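An added example, not code from libxslt, libxml2 or this advisory: a simplified C model of the sequence described above, in which extra flag bits stored in the type field make a whole-field ID comparison fail, so the ID-table cleanup is skipped and a stale entry remains. All names, the bit position 27 and the masked comparison are assumptions for illustration; the masked check is one way to keep such a test robust and is not presented as the upstream fix.

```c
#include <stddef.h>

/* Simplified model with hypothetical names; not libxml2 or libxslt code. */
enum { ATTR_CDATA = 1, ATTR_ID = 2 };   /* stand-ins for attribute types */
#define FLAG_SHIFT 27u                   /* assumed position of the extra flag bits */
#define TYPE_MASK  ((1u << FLAG_SHIFT) - 1u)
#define ID_SLOTS   4

struct attr     { unsigned atype; int live; };
struct id_table { struct attr *slot[ID_SLOTS]; };

/* Models a caller storing its own flag bits in the shared type field. */
static void set_source_flags(struct attr *a, unsigned flags) {
    a->atype |= flags << FLAG_SHIFT;
}

/* Models the ID-table cleanup that must run before an ID attribute goes away. */
static void remove_id(struct id_table *t, const struct attr *a) {
    for (size_t i = 0; i < ID_SLOTS; i++)
        if (t->slot[i] == a) t->slot[i] = NULL;
}

/* Models attribute teardown. 'live = 0' stands in for free() so the model
 * never touches released memory. masked=0 compares the whole field;
 * masked=1 ignores the extra flag bits before comparing. */
static void free_attr(struct id_table *t, struct attr *a, int masked) {
    unsigned type = masked ? (a->atype & TYPE_MASK) : a->atype;
    if (type == ATTR_ID)
        remove_id(t, a);
    a->live = 0;
}

/* Counts table entries that still reference a torn-down attribute. */
static int dangling_entries(const struct id_table *t) {
    int n = 0;
    for (size_t i = 0; i < ID_SLOTS; i++)
        if (t->slot[i] != NULL && !t->slot[i]->live) n++;
    return n;
}

/* Runs the sequence from the description and reports stale entries left. */
int run_model(int masked) {
    struct attr id_attr = { ATTR_ID, 1 };
    struct id_table table = { { &id_attr } };
    set_source_flags(&id_attr, 1u);
    free_attr(&table, &id_attr, masked);
    return dangling_entries(&table);
}
```

`run_model(0)` leaves one stale table entry, the condition that later becomes a dangling pointer in the real library; `run_model(1)` leaves none.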
Frequently Asked Questions
What is the severity of REDHAT-BUG-2379274?
REDHAT-BUG-2379274 is classified as a critical-severity vulnerability.
How do I fix REDHAT-BUG-2379274?
To fix REDHAT-BUG-2379274, update to the latest version of libxslt where the vulnerability is addressed.
What causes the vulnerability identified by REDHAT-BUG-2379274?
The vulnerability identified by REDHAT-BUG-2379274 is caused by unsafe manipulation of the atype field in attribute nodes in libxslt.
Which software is affected by REDHAT-BUG-2379274?
The affected software for REDHAT-BUG-2379274 is Libxml2 libxslt.
What are the potential impacts of REDHAT-BUG-2379274?
The potential impacts of REDHAT-BUG-2379274 include corruption of XML attribute type information, which can lead to a use-after-free and result in denial-of-service or memory corruption.