Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0035

NIXPKGS-2026-0035
published on
Permalink CVE-2025-11731
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months, 2 weeks ago
  • @LeSuisse removed package python312Packages.libxslt 2 months, 3 weeks ago
  • @LeSuisse removed package python313Packages.libxslt 2 months, 3 weeks ago
  • @LeSuisse removed maintainer @jtojnar 2 months, 3 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse published on GitHub 2 months, 3 weeks ago
Libxslt: type confusion in exsltfuncresultcompfunction of libxslt

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Affected products

rhcos
libxslt
  • <1.1.44

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

Package maintainers

Ignored maintainers (1)