Nixpkgs security tracker
NIXPKGS-2026-0035
published on
Permalink
CVE-2025-11731
3.1 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
2 packages
- python312Packages.libxslt
- python313Packages.libxslt
- @LeSuisse deleted maintainer @jtojnar maintainer.delete
- @LeSuisse accepted
- @LeSuisse published on GitHub
Libxslt: type confusion in exsltfuncresultcompfunction of libxslt
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
References
Affected products
rhcos
libxslt
- <1.1.44
Matching in nixpkgs
Ignored packages (2)
pkgs.python312Packages.libxslt
C library and tools to do XSL transformations
pkgs.python313Packages.libxslt
C library and tools to do XSL transformations
Package maintainers
Ignored maintainers (1)
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>