Vulnerabilities related to xmlsoft - libxslt
CVE-2011-3970 (GCVE-0-2011-3970)
Vulnerability from cvelistv5
Published
2012-02-09 02:00
Modified
2024-08-06 23:53
CWE
- n/a
Summary
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:1654", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" }, { "name": "SUSE-SU-2013:1656", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "oval:org.mitre.oval:def:14818", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=110277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "SUSE-SU-2013:1654", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" }, { "name": "SUSE-SU-2013:1656", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "oval:org.mitre.oval:def:14818", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=110277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2011-3970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:1654", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" }, { "name": "SUSE-SU-2013:1656", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "oval:org.mitre.oval:def:14818", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=110277", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=110277" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2011-3970", "datePublished": "2012-02-09T02:00:00", "dateReserved": "2011-10-01T00:00:00", "dateUpdated": "2024-08-06T23:53:32.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13117 (GCVE-0-2019-13117)
Vulnerability from cvelistv5
Published
2019-07-01 01:27
Modified
2024-08-04 23:41
CWE
- n/a
Summary
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "name": "USN-4164-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "FEDORA-2019-fdf6ec39b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "name": "openSUSE-SU-2020:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "name": "[bookkeeper-issues] 20210628 
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:08:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "name": "USN-4164-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "FEDORA-2019-fdf6ec39b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "name": "openSUSE-SU-2020:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to 
CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "name": "https://oss-fuzz.com/testcase-detail/5631739747106816", "refsource": "MISC", "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "name": "USN-4164-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "FEDORA-2019-fdf6ec39b4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "name": "openSUSE-SU-2020:0731", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "name": "[bookkeeper-issues] 20210628 
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13117", "datePublished": "2019-07-01T01:27:02", "dateReserved": "2019-06-30T00:00:00", "dateUpdated": "2024-08-04T23:41:10.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4520 (GCVE-0-2013-4520)
Vulnerability from cvelistv5
Published
2013-12-14 20:00
Modified
2024-08-06 16:45
CWE
- n/a
Summary
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.708Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/239" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" }, { "name": "SUSE-SU-2013:1654", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "SUSE-SU-2013:1656", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "56072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=849019" }, { "name": "99671", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/99671" }, { "name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/238" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. 
NOTE: this issue is due to an incomplete fix for CVE-2012-2825." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-14T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q4/239" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" }, { "name": "SUSE-SU-2013:1654", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "SUSE-SU-2013:1656", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "56072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=849019" }, { "name": "99671", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/99671" }, { "name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q4/238" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xslt.c in libxslt 
before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/239" }, { "name": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa", "refsource": "MISC", "url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" }, { "name": "SUSE-SU-2013:1654", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "SUSE-SU-2013:1656", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "56072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56072" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=849019", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=849019" }, { "name": "99671", "refsource": "OSVDB", "url": "http://www.osvdb.org/99671" }, { "name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/238" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4520", "datePublished": "2013-12-14T20:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29824 (GCVE-0-2022-29824)
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-03 06:33
CWE
- n/a
Summary
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:42.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "name": "FEDORA-2022-9136d646e4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "name": "FEDORA-2022-be6d83642a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" }, { "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" }, { "name": "FEDORA-2022-f624aad735", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" }, { "name": "DSA-5142", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5142" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" }, { "name": 
"GLSA-202210-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-03" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "name": "FEDORA-2022-9136d646e4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "name": "FEDORA-2022-be6d83642a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" }, { "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" }, { "name": "FEDORA-2022-f624aad735", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" }, { "name": 
"DSA-5142", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5142" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" }, { "name": "GLSA-202210-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-03" }, { "url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29824", "datePublished": "2022-05-03T00:00:00", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T06:33:42.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-24855 (GCVE-0-2025-24855)
Vulnerability from cvelistv5
Published
2025-03-14 00:00
Modified
2025-08-02 03:55
Severity: 7.8 (HIGH) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
CWE
- CWE-416 - Use After Free
Summary
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-24855", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-08-01T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-02T03:55:44.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "libxslt", "vendor": "xmlsoft", "versions": [ { "lessThan": "1.1.43", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T01:12:30.912Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-24855", "datePublished": "2025-03-14T00:00:00.000Z", "dateReserved": "2025-01-26T00:00:00.000Z", "dateUpdated": "2025-08-02T03:55:44.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1683 (GCVE-0-2016-1683)
Vulnerability from cvelistv5
Published
2016-06-05 23:00
Modified
2024-08-05 23:02
CWE
- n/a
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:02:13.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3605", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242" }, { "name": "90876", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90876" }, { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "openSUSE-SU-2016:1496", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206901" }, { "name": "1035981", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035981" }, { "name": "DSA-3590", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3590" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "name": "USN-2992-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "openSUSE-SU-2016:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "RHSA-2016:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/583156" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206905" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206904" }, { "name": "GLSA-201607-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201607-07" }, { "name": "openSUSE-SU-2016:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T19:06:07", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "DSA-3605", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242" }, { "name": "90876", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90876" }, { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "openSUSE-SU-2016:1496", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206901" }, { "name": "1035981", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035981" }, { "name": "DSA-3590", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3590" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "name": "USN-2992-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "openSUSE-SU-2016:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "RHSA-2016:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/583156" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206905" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://support.apple.com/HT206904" }, { "name": "GLSA-201607-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201607-07" }, { "name": "openSUSE-SU-2016:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-1683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3605", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242" }, { "name": "90876", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90876" }, { "name": "APPLE-SA-2016-07-18-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "openSUSE-SU-2016:1496", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "name": "https://support.apple.com/HT206901", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206901" }, { "name": "1035981", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035981" }, { "name": "DSA-3590", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3590" }, { "name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "name": "USN-2992-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "name": "91826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91826" }, 
{ "name": "openSUSE-SU-2016:1430", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "name": "APPLE-SA-2016-07-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "RHSA-2016:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "name": "https://crbug.com/583156", "refsource": "CONFIRM", "url": "https://crbug.com/583156" }, { "name": "https://support.apple.com/HT206905", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206905" }, { "name": "https://support.apple.com/HT206903", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206903" }, { "name": "https://support.apple.com/HT206902", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206902" }, { "name": "https://support.apple.com/HT206904", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206904" }, { "name": "GLSA-201607-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-07" }, { "name": "openSUSE-SU-2016:1433", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-1683", "datePublished": "2016-06-05T23:00:00", "dateReserved": "2016-01-12T00:00:00", "dateUpdated": "2024-08-05T23:02:13.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2016-1684 (GCVE-0-2016-1684)
Vulnerability from cvelistv5
Published
2016-06-05 23:00
Modified
2024-08-05 23:02
CWE
- n/a
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:02:13.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/583171" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d" }, { "name": "DSA-3605", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3605" }, { "name": "90876", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90876" }, { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "openSUSE-SU-2016:1496", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206901" }, { "name": "1035981", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035981" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017" }, { "name": "DSA-3590", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3590" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "name": "USN-2992-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "name": "openSUSE-SU-2016:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "RHSA-2016:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206905" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206904" }, { "name": "GLSA-201607-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201607-07" }, { "name": "openSUSE-SU-2016:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T19:06:06", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/583171" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d" }, { "name": "DSA-3605", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3605" }, { "name": "90876", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90876" }, { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "openSUSE-SU-2016:1496", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206901" }, { "name": "1035981", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035981" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017" }, { "name": "DSA-3590", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3590" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "name": "USN-2992-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "name": "openSUSE-SU-2016:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "RHSA-2016:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206905" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206904" }, { "name": "GLSA-201607-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201607-07" }, { "name": "openSUSE-SU-2016:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-1684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/583171", "refsource": "CONFIRM", "url": "https://crbug.com/583171" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d" }, { "name": "DSA-3605", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "name": "90876", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90876" }, { "name": "APPLE-SA-2016-07-18-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "openSUSE-SU-2016:1496", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "name": "https://support.apple.com/HT206901", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206901" }, { "name": "1035981", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035981" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017" }, { "name": "DSA-3590", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3590" }, { "name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "name": "USN-2992-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-2992-1" }, { "name": "openSUSE-SU-2016:1430", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "name": "APPLE-SA-2016-07-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "RHSA-2016:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "name": "https://support.apple.com/HT206905", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206905" }, { "name": "https://support.apple.com/HT206903", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206903" }, { "name": "https://support.apple.com/HT206902", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206902" }, { "name": "https://support.apple.com/HT206904", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206904" }, { "name": "GLSA-201607-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-07" }, { "name": "openSUSE-SU-2016:1433", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-1684", "datePublished": "2016-06-05T23:00:00", "dateReserved": "2016-01-12T00:00:00", "dateUpdated": "2024-08-05T23:02:13.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4609 (GCVE-0-2016-4609)
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
CWE
- n/a
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206901" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-22T18:06:11", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206901" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4609", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2016-07-18-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "https://support.apple.com/HT206901", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206901" }, { "name": "91826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "https://support.apple.com/HT206905", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036348" }, { "name": "https://support.apple.com/HT206903", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206903" }, { "name": "https://support.apple.com/HT206902", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206902" }, { "name": "https://support.apple.com/HT206904", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206904" }, { "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "[debian-lts-announce] 20190722 
[SECURITY] [DLA 1860-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-4609", "datePublished": "2016-07-22T01:00:00", "dateReserved": "2016-05-11T00:00:00", "dateUpdated": "2024-08-06T00:32:25.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6139 (GCVE-0-2012-6139)
Vulnerability from cvelistv5
Published
2013-04-12 22:00
Modified
2024-08-06 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1784-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1784-1" }, { "name": "52884", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52884" }, { "name": "52813", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52813" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330" }, { "name": "SUSE-SU-2013:1654", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "SUSE-SU-2013:1656", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d" }, { "name": "openSUSE-SU-2013:0593", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html" }, { "name": "openSUSE-SU-2013:0585", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html" }, { "name": "MDVSA-2013:141", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141" }, { "name": "1028338", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028338" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://xmlsoft.org/XSLT/news.html" }, { "name": "52745", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52745" }, { "name": "FEDORA-2013-4507", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html" }, { "name": "52805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52805" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328" }, { "name": "DSA-2654", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2654" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-05T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1784-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1784-1" }, { "name": "52884", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52884" }, { "name": "52813", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52813" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330" }, { "name": "SUSE-SU-2013:1654", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "SUSE-SU-2013:1656", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d" }, { "name": "openSUSE-SU-2013:0593", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html" }, { "name": "openSUSE-SU-2013:0585", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html" }, { "name": "MDVSA-2013:141", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141" }, { "name": "1028338", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028338" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xmlsoft.org/XSLT/news.html" }, { "name": "52745", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/52745" }, { "name": "FEDORA-2013-4507", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html" }, { "name": "52805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52805" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328" }, { "name": "DSA-2654", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2654" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6139", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1784-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1784-1" }, { "name": "52884", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52884" }, { "name": "52813", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52813" }, { "name": "https://bugzilla.gnome.org/show_bug.cgi?id=685330", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330" }, { "name": "SUSE-SU-2013:1654", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "name": "SUSE-SU-2013:1656", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d" }, { "name": "openSUSE-SU-2013:0593", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html" }, { "name": "openSUSE-SU-2013:0585", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html" }, { "name": "MDVSA-2013:141", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141" }, { "name": "1028338", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028338" }, { "name": "http://xmlsoft.org/XSLT/news.html", "refsource": "CONFIRM", "url": "http://xmlsoft.org/XSLT/news.html" }, { "name": "52745", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52745" }, { "name": "FEDORA-2013-4507", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html" }, { "name": "52805", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/52805" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833" }, { "name": "https://bugzilla.gnome.org/show_bug.cgi?id=685328", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328" }, { "name": "DSA-2654", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2654" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6139", "datePublished": "2013-04-12T22:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-9019 (GCVE-0-2015-9019)
Vulnerability from cvelistv5
Published
2017-04-05 21:00
Modified
2024-09-16 22:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=934119" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-05T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=934119" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=934119", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=934119" }, { "name": "https://bugzilla.gnome.org/show_bug.cgi?id=758400", "refsource": "MISC", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9019", "datePublished": "2017-04-05T21:00:00Z", "dateReserved": "2017-04-05T00:00:00Z", "dateUpdated": "2024-09-16T22:56:40.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5029 (GCVE-0-2017-5029)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- integer overflow
Summary
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "name": "1038157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038157" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/676623" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "integer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "name": "1038157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038157" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/676623" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5029", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size 
calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "integer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "name": "1038157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038157" }, { "name": "https://crbug.com/676623", "refsource": "CONFIRM", "url": "https://crbug.com/676623" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5029", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18197 (GCVE-0-2019-18197)
Vulnerability from cvelistv5
Published
2019-10-18 20:07
Modified
2024-08-05 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:47:13.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "name": "USN-4164-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "name": "openSUSE-SU-2020:0189", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "name": "openSUSE-SU-2020:0210", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "tags": [ 
"vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "name": "openSUSE-SU-2020:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-28T23:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "name": "USN-4164-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "name": "openSUSE-SU-2020:0189", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "name": "openSUSE-SU-2020:0210", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { 
"tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "name": "openSUSE-SU-2020:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "name": "USN-4164-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191031-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "name": "openSUSE-SU-2020:0189", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "name": "openSUSE-SU-2020:0210", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200416-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "name": "openSUSE-SU-2020:0731", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18197", "datePublished": "2019-10-18T20:07:17", "dateReserved": "2019-10-18T00:00:00", "dateUpdated": "2024-08-05T01:47:13.523Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4607 (GCVE-0-2016-4607)
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:26.014Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206901" }, { "name": "91834", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91834" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T19:06:06", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206901" }, { "name": "91834", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91834" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4607", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2016-07-18-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "https://support.apple.com/HT206901", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206901" }, { "name": "91834", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91834" }, { "name": "APPLE-SA-2016-07-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "https://support.apple.com/HT206905", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036348" }, { "name": "https://support.apple.com/HT206903", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206903" }, { "name": "https://support.apple.com/HT206902", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206902" }, { "name": "https://support.apple.com/HT206904", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206904" }, { "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-4607", "datePublished": "2016-07-22T01:00:00", "dateReserved": "2016-05-11T00:00:00", "dateUpdated": "2024-08-06T00:32:26.014Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4610 (GCVE-0-2016-4610)
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206901" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-22T18:06:11", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206901" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4610", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2016-07-18-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "https://support.apple.com/HT206901", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206901" }, { "name": "91826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "https://support.apple.com/HT206905", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036348" }, { "name": "https://support.apple.com/HT206903", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206903" }, { "name": "https://support.apple.com/HT206902", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206902" }, { "name": "https://support.apple.com/HT206904", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206904" }, { "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "[debian-lts-announce] 20190722 
[SECURITY] [DLA 1860-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-4610", "datePublished": "2016-07-22T01:00:00", "dateReserved": "2016-05-11T00:00:00", "dateUpdated": "2024-08-06T00:32:25.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2935 (GCVE-0-2008-2935)
Vulnerability from cvelistv5
Published
2008-08-01 14:00
Modified
2024-08-07 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:21:34.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2008:0649", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html" }, { "name": "oval:org.mitre.oval:def:10827", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827" }, { "name": "libxslt-multiple-crypto-bo(44141)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306" }, { "name": "32453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32453" }, { "name": "31399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31399" }, { "name": "31363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.scary.beasts.org/security/CESA-2008-003.html" }, { "name": "FEDORA-2008-7029", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html" }, { "name": "20080731 [oCERT-2008-009] libxslt heap overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded" }, { "name": "30467", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30467" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], 
"url": "http://www.ocert.org/patches/exslt_crypt.patch" }, { "name": "4078", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4078" }, { "name": "GLSA-200808-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-06.xml" }, { "name": "31310", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31310" }, { "name": "MDVSA-2008:160", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160" }, { "name": "USN-633-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-633-1" }, { "name": "31331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31331" }, { "name": "20081027 rPSA-2008-0306-1 libxslt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded" }, { "name": "20080801 libxslt heap overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded" }, { "name": "31230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31230" }, { "name": "FEDORA-2008-7062", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html" }, { "name": "ADV-2008-2266", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2266/references" }, { "name": "1020596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020596" }, { "name": 
"DSA-1624", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1624" }, { "name": "31395", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31395" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2008-009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2008:0649", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html" }, { "name": "oval:org.mitre.oval:def:10827", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827" }, { "name": "libxslt-multiple-crypto-bo(44141)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306" }, { "name": "32453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32453" 
}, { "name": "31399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31399" }, { "name": "31363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31363" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.scary.beasts.org/security/CESA-2008-003.html" }, { "name": "FEDORA-2008-7029", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html" }, { "name": "20080731 [oCERT-2008-009] libxslt heap overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded" }, { "name": "30467", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30467" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/patches/exslt_crypt.patch" }, { "name": "4078", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4078" }, { "name": "GLSA-200808-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-06.xml" }, { "name": "31310", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31310" }, { "name": "MDVSA-2008:160", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160" }, { "name": "USN-633-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-633-1" }, { "name": "31331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31331" }, { "name": "20081027 rPSA-2008-0306-1 libxslt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded" }, { "name": "20080801 libxslt heap overflow", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded" }, { "name": "31230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31230" }, { "name": "FEDORA-2008-7062", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html" }, { "name": "ADV-2008-2266", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2266/references" }, { "name": "1020596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020596" }, { "name": "DSA-1624", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1624" }, { "name": "31395", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31395" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2008-009.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2935", "datePublished": "2008-08-01T14:00:00", "dateReserved": "2008-06-30T00:00:00", "dateUpdated": "2024-08-07T09:21:34.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-5815 (GCVE-0-2019-5815)
Vulnerability from cvelistv5
Published
2019-12-11 00:55
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:09:23.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "74.0.3729.108", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-09T15:06:13", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-5815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "74.0.3729.108" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663", "refsource": "MISC", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-5815", "datePublished": "2019-12-11T00:55:15", "dateReserved": "2019-01-09T00:00:00", "dateUpdated": "2024-08-04T20:09:23.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1202 (GCVE-0-2011-1202)
Vulnerability from cvelistv5
Published
2011-03-11 01:00
Modified
2024-08-06 22:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:33.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14244", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" }, { "name": "46785", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46785" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" }, { "name": "MDVSA-2011:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=73716" }, { "name": "google-xslt-info-disclosure(65966)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "name": "MDVSA-2012:164", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.avaya.com/css/P8/documents/100144158" }, { "name": "ADV-2011-0628", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2011/0628" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14244", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" }, { "name": "46785", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46785" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" }, { "name": "MDVSA-2011:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=73716" }, { "name": "google-xslt-info-disclosure(65966)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "name": "MDVSA-2012:164", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.avaya.com/css/P8/documents/100144158" }, { "name": "ADV-2011-0628", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0628" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14244", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" }, { "name": "46785", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46785" }, { "name": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f", "refsource": "CONFIRM", "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" }, { "name": "MDVSA-2011:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" }, { "name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", "refsource": "MISC", "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=73716", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=73716" }, { "name": "google-xslt-info-disclosure(65966)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "name": "MDVSA-2012:164", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "name": "http://downloads.avaya.com/css/P8/documents/100144158", "refsource": "CONFIRM", "url": "http://downloads.avaya.com/css/P8/documents/100144158" }, { "name": "ADV-2011-0628", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2011/0628" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1202", "datePublished": "2011-03-11T01:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2024-08-06T22:21:33.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4608 (GCVE-0-2016-4608)
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206901" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T19:06:07", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2016-07-18-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206901" }, { "name": "91826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206904" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4608", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2016-07-18-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "name": "APPLE-SA-2016-07-18-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "name": "APPLE-SA-2016-07-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "name": "https://support.apple.com/HT206901", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206901" }, { "name": "91826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91826" }, { "name": "APPLE-SA-2016-07-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "name": "APPLE-SA-2016-07-18-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "name": "https://support.apple.com/HT206905", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206905" }, { "name": "1036348", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036348" }, { "name": "https://support.apple.com/HT206903", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206903" }, { "name": "https://support.apple.com/HT206902", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206902" }, { "name": "https://support.apple.com/HT206904", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206904" }, { "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-4608", "datePublished": "2016-07-22T01:00:00", "dateReserved": "2016-05-11T00:00:00", "dateUpdated": "2024-08-06T00:32:25.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2870 (GCVE-0-2012-2870)
Vulnerability from cvelistv5
Published
2012-08-31 19:00
Modified
2024-08-06 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=138672" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromiumcodereview.appspot.com/10823168" }, { "name": "50838", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50838" }, { "name": "APPLE-SA-2013-10-22-8", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "name": "DSA-2555", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2555" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" }, { "name": "54886", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5934" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=140368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromiumcodereview.appspot.com/10830177" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log" }, { "name": 
"openSUSE-SU-2012:1215", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" }, { "name": "MDVSA-2012:164", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123" }, { "name": "APPLE-SA-2013-09-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=138672" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromiumcodereview.appspot.com/10823168" }, { "name": "50838", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50838" }, { "name": "APPLE-SA-2013-10-22-8", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "name": "DSA-2555", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2555" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" }, { "name": "54886", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5934" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=140368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromiumcodereview.appspot.com/10830177" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log" }, { "name": "openSUSE-SU-2012:1215", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" }, { 
"name": "MDVSA-2012:164", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123" }, { "name": "APPLE-SA-2013-09-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://code.google.com/p/chromium/issues/detail?id=138672", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=138672" }, { "name": "https://chromiumcodereview.appspot.com/10823168", "refsource": "CONFIRM", "url": "https://chromiumcodereview.appspot.com/10823168" }, { "name": "50838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50838" }, { "name": "APPLE-SA-2013-10-22-8", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "name": "DSA-2555", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2555" }, { "name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998", "refsource": "CONFIRM", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998" }, { "name": "http://support.apple.com/kb/HT6001", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6001" }, { "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" }, { "name": "54886", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54886" }, { "name": "http://support.apple.com/kb/HT5934", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5934" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=140368", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=140368" }, { "name": "https://chromiumcodereview.appspot.com/10830177", "refsource": "CONFIRM", "url": "https://chromiumcodereview.appspot.com/10830177" }, { "name": 
"http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log", "refsource": "CONFIRM", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log" }, { "name": "openSUSE-SU-2012:1215", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" }, { "name": "MDVSA-2012:164", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log", "refsource": "CONFIRM", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log" }, { "name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123", "refsource": "CONFIRM", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123" }, { "name": "APPLE-SA-2013-09-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2870", "datePublished": "2012-08-31T19:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:50:05.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-11068 (GCVE-0-2019-11068)
Vulnerability from cvelistv5
Published
2019-04-10 19:38
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:16.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "name": "USN-3947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "name": "[oss-security] 20190422 Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "name": "USN-3947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "name": "openSUSE-SU-2019:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "name": "openSUSE-SU-2019:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "name": "openSUSE-SU-2019:1428", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "name": "openSUSE-SU-2019:1527", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "name": "FEDORA-2019-e21c77ffae", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "FEDORA-2019-e74d639587", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "name": "openSUSE-SU-2019:1824", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-17T15:06:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "name": "USN-3947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "name": "[oss-security] 20190422 Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "name": "USN-3947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "name": "openSUSE-SU-2019:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "name": "openSUSE-SU-2019:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "name": "openSUSE-SU-2019:1428", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "name": "openSUSE-SU-2019:1527", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "name": "FEDORA-2019-e21c77ffae", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "FEDORA-2019-e74d639587", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "name": "openSUSE-SU-2019:1824", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "name": "USN-3947-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3947-2/" }, { "name": "[oss-security] 20190422 Nokogiri security update v1.10.3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "name": "USN-3947-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3947-1/" }, { "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "name": "openSUSE-SU-2019:1433", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "name": "openSUSE-SU-2019:1430", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "name": "openSUSE-SU-2019:1428", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "name": "openSUSE-SU-2019:1527", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "name": "FEDORA-2019-e21c77ffae", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "FEDORA-2019-e74d639587", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "name": "openSUSE-SU-2019:1824", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191017-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11068", "datePublished": "2019-04-10T19:38:18", "dateReserved": "2019-04-10T00:00:00", "dateUpdated": "2024-08-04T22:40:16.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-30560 (GCVE-0-2021-30560)
Vulnerability from cvelistv5
Published
2021-08-03 00:00
Modified
2025-05-05 16:53
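Severity: 8.8 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, from the CISA-ADP container; the CNA container carries no score)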
CWE
- CWE-416 Use After Free (assigned in the CISA-ADP container; the CNA entry gives only the text "Use after free")
Summary
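Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Note: the CNA's affected-product data names only Google Chrome (versions before 91.0.4472.164), but the references also list distribution advisories (DSA-5216, DLA 3101-1, GLSA-202310-23), and the Debian LTS one is titled "libxslt security update". When triaging, check the system libxslt package as well as Chrome-based browsers.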
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:32:41.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "tags": [ "x_transferred" ], "url": "https://crbug.com/1219209" }, { "name": "DSA-5216", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5216" }, { "name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "name": "GLSA-202310-23", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-23" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-30560", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T13:32:11.800769Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T16:53:12.984Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "91.0.4472.164", "status": "affected", 
"version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T14:06:22.033Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "url": "https://crbug.com/1219209" }, { "name": "DSA-5216", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5216" }, { "name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "name": "GLSA-202310-23", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-23" } ] } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2021-30560", "datePublished": "2021-08-03T00:00:00.000Z", "dateReserved": "2021-04-13T00:00:00.000Z", "dateUpdated": "2025-05-05T16:53:12.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7995 (GCVE-0-2015-7995)
Vulnerability from cvelistv5
Published
2015-11-17 15:00
Modified
2024-08-06 08:06
Severity: not scored (this record contains no CVSS metrics in either the CNA or the CVE Program container)
CWE
- n/a
Summary
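The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Note: the record's structured "affected" data is "n/a" for vendor, product and version, so the affected version (libxslt 1.1.28) appears only in this description; tooling that matches on structured product data will not flag it. The references include an upstream commit (git.gnome.org, id 7ca19df892ca22d9314e95d59ce2abdeff46b617, tagged CONFIRM), presumably the fix, which can be used to check whether a given build carries the change.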
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3605", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206168" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT205731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT205729" }, { "name": "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/10" }, { "name": "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/28/4" }, { "name": "APPLE-SA-2016-01-25-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html" }, { "name": "1034736", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034736" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2016-01-19-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html" }, { "name": "APPLE-SA-2016-03-21-2", "tags": [ "vendor-advisory", 
"x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2015-7995" }, { "name": "APPLE-SA-2016-01-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617" }, { "name": "77325", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77325" }, { "name": "openSUSE-SU-2016:1439", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html" }, { "name": "SSA:2016-148-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT205732" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows 
attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3605", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206168" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT205731" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT205729" }, { "name": "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/10" }, { "name": "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/28/4" }, { "name": "APPLE-SA-2016-01-25-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html" }, { "name": "1034736", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034736" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2016-01-19-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html" }, { "name": "APPLE-SA-2016-03-21-2", "tags": [ "vendor-advisory", 
"x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2015-7995" }, { "name": "APPLE-SA-2016-01-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617" }, { "name": "77325", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77325" }, { "name": "openSUSE-SU-2016:1439", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html" }, { "name": "SSA:2016-148-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT205732" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, 
which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3605", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "name": "https://support.apple.com/HT206168", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206168" }, { "name": "https://support.apple.com/HT205731", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205731" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "name": "https://support.apple.com/HT205729", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205729" }, { "name": "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/27/10" }, { "name": "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/28/4" }, { "name": "APPLE-SA-2016-01-25-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html" }, { "name": "1034736", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034736" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2016-01-19-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html" }, { "name": "APPLE-SA-2016-03-21-2", "refsource": "APPLE", 
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "name": "https://puppet.com/security/cve/cve-2015-7995", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2015-7995" }, { "name": "APPLE-SA-2016-01-19-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617" }, { "name": "77325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77325" }, { "name": "openSUSE-SU-2016:1439", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html" }, { "name": "SSA:2016-148-02", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "https://support.apple.com/HT205732", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205732" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7995", "datePublished": "2015-11-17T15:00:00", "dateReserved": "2015-10-28T00:00:00", "dateUpdated": "2024-08-06T08:06:31.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13118 (GCVE-0-2019-13118)
Vulnerability from cvelistv5
Published
2019-07-01 01:27
Modified
2024-08-04 23:41
CWE
- n/a
Summary
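In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Note: the CNA's structured "affected" data is "n/a", so match on the description and references rather than on product fields. The reference list goes beyond distribution libxslt packages: it includes Apple OS and Windows-application advisories, NetApp and Oracle advisories, and a Nokogiri security update (v1.10.5). This suggests bundled copies of the library need to be inventoried as well.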
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210353" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210351" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210346" }, { "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ 
"mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210356" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210357" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210358" }, { "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": 
"http://seclists.org/fulldisclosure/2019/Jul/38" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for 
APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "name": "USN-4164-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "FEDORA-2019-fdf6ec39b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "name": "openSUSE-SU-2020:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": 
[ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:08:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210353" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210351" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210346" }, { "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"https://seclists.org/bugtraq/2019/Jul/36" }, { "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210356" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210357" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210358" }, { "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", "tags": [ 
"mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": 
"http://seclists.org/fulldisclosure/2019/Aug/15" }, { "name": "USN-4164-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "FEDORA-2019-fdf6ec39b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "name": "openSUSE-SU-2020:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" 
} ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "name": "https://oss-fuzz.com/testcase-detail/5197371471822848", "refsource": "MISC", "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "name": "https://support.apple.com/kb/HT210348", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210348" }, { "name": "https://support.apple.com/kb/HT210353", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210353" }, { "name": "https://support.apple.com/kb/HT210351", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210351" }, { "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "name": "https://support.apple.com/kb/HT210346", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210346" }, { "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", "refsource": "BUGTRAQ", "url": 
"https://seclists.org/bugtraq/2019/Jul/37" }, { "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "name": "https://support.apple.com/kb/HT210356", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210356" }, { "name": "https://support.apple.com/kb/HT210357", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210357" }, { "name": "https://support.apple.com/kb/HT210358", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210358" }, { "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", 
"refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "name": "USN-4164-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4164-1/" }, { "name": "FEDORA-2019-fdf6ec39b4", 
"refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "name": "openSUSE-SU-2020:0731", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13118", "datePublished": "2019-07-01T01:27:39", "dateReserved": "2019-06-30T00:00:00", "dateUpdated": "2024-08-04T23:41:10.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-55549 (GCVE-0-2024-55549)
Vulnerability from cvelistv5
Published
2025-03-14 00:00
Modified
2025-03-14 19:27
CWE
- CWE-416 - Use After Free
Summary
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55549", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-14T19:26:54.516211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-14T19:27:01.711Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "libxslt", "vendor": "xmlsoft", "versions": [ { "lessThan": "1.1.43", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T01:02:10.105Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-55549", "datePublished": "2025-03-14T00:00:00.000Z", "dateReserved": "2024-12-08T00:00:00.000Z", "dateUpdated": "2025-03-14T19:27:01.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2016-4607)
Published
2016-07-22 02:59
Modified
2025-04-12 10:46
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
▶ | URL | Tags | |
---|---|---|---|
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://www.securityfocus.com/bid/91834 | Third Party Advisory, VDB Entry | |
product-security@apple.com | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
product-security@apple.com | https://support.apple.com/HT206899 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206901 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206902 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206903 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206904 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206905 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91834 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206899 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206901 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206903 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206904 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206905 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9139DE10-DDA6-4BA8-AA13-A7009B63C08C", "versionEndExcluding": "1.1.29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1", "versionEndExcluding": "9.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9", "versionEndExcluding": "10.11.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA", "versionEndExcluding": "9.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109", "versionEndExcluding": "2.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9", "versionEndExcluding": "5.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114", "versionEndExcluding": "12.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612." }, { "lang": "es", "value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4608, CVE-2016-4609, CVE-2016-4610 y CVE-2016-4612." } ], "id": "CVE-2016-4607", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-22T02:59:30.350", "references": [ { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91834" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": 
"https://support.apple.com/HT206904" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2025-04-12 10:46
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
▶ | URL | Tags | |
---|---|---|---|
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://www.securityfocus.com/bid/91826 | Third Party Advisory, VDB Entry | |
product-security@apple.com | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
product-security@apple.com | https://support.apple.com/HT206899 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206901 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206902 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206903 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206904 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206905 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91826 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206899 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206901 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206903 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206904 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206905 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812", "versionEndIncluding": "1.1.28", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1", "versionEndExcluding": "9.3.3", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9", "versionEndExcluding": "10.11.6", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA", "versionEndExcluding": "9.2.2", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109", "versionEndExcluding": "2.2.2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9", "versionEndExcluding": "5.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114", "versionEndExcluding": "12.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612." }, { "lang": "es", "value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4607, CVE2016-4609, CVE-2016-4610 y CVE-2016-4612" } ], "id": "CVE-2016-4608", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-22T02:59:31.523", "references": [ { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91826" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" 
], "url": "https://support.apple.com/HT206904" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-18 21:15
Modified
2024-11-21 04:32
Severity ?
Summary
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/11/17/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0514 | ||
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285 | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20191031-0004/ | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200416-0004/ | ||
cve@mitre.org | https://usn.ubuntu.com/4164-1/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/11/17/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0514 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191031-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200416-0004/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4164-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | 1.1.33 | |
linux | linux_kernel | - | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed." 
}, { "lang": "es", "value": "En la funci\u00f3n xsltCopyText en el archivo transform.c en libxslt versi\u00f3n 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el \u00e1rea de memoria relevante se liber\u00f3 y reutiliz\u00f3 de cierta manera, una comprobaci\u00f3n de l\u00edmites podr\u00eda fallar y podr\u00eda escribirse la memoria fuera de un b\u00fafer o podr\u00edan divulgarse datos no inicializados." } ], "id": "CVE-2019-18197", "lastModified": "2024-11-21T04:32:48.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-18T21:15:10.793", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { 
"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" }, { "lang": "en", "value": 
"CWE-908" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 02:15
Modified
2024-11-21 04:24
Severity ?
Summary
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/11/17/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ | ||
cve@mitre.org | https://oss-fuzz.com/testcase-detail/5631739747106816 | Permissions Required | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190806-0004/ | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200122-0003/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4164-1/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/11/17/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oss-fuzz.com/testcase-detail/5631739747106816 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190806-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200122-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4164-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | 1.1.33 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.1 | |
oracle | openjdk | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", "matchCriteriaId": 
"12A3F367-33AD-47C3-BFDC-871A17E72C94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." }, { "lang": "es", "value": "En el archivo numbers.c en libxslt versi\u00f3n 1.1.33, un xsl:number con ciertas cadenas de formato conllevar\u00eda a una lectura no inicializada en la funci\u00f3n xsltNumberFormatInsertNumbers. Esto podr\u00eda permitir a un atacante discernir si un byte en la pila contiene los caracteres A, a, I, i o 0, o cualquier otro car\u00e1cter." } ], "id": "CVE-2019-13117", "lastModified": "2024-11-21T04:24:13.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T02:15:09.737", "references": 
[ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-908" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 02:15
Modified
2024-11-21 04:24
Summary
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/11 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/13 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/14 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/15 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/22 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/23 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/24 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/26 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/31 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/37 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jul/38 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/11/17/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 | Permissions Required | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ | ||
cve@mitre.org | https://oss-fuzz.com/testcase-detail/5197371471822848 | Permissions Required | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Aug/21 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Aug/22 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Aug/23 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Aug/25 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Jul/35 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Jul/36 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Jul/37 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Jul/40 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Jul/41 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Jul/42 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190806-0004/ | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200122-0003/ | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210346 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210348 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210351 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210353 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210356 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210357 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT210358 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4164-1/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/11 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/13 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/14 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/15 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/22 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/23 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/24 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/26 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/31 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/37 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/38 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/11/17/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oss-fuzz.com/testcase-detail/5197371471822848 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/21 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/22 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/23 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/25 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jul/35 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jul/36 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jul/37 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jul/40 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jul/41 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jul/42 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190806-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200122-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210346 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210348 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210351 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210353 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210356 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210357 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210358 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4164-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | 1.1.33 | |
opensuse | leap | 15.1 | |
netapp | active_iq_unified_manager | - (vmware_vsphere) | |
netapp | active_iq_unified_manager | - (windows) | |
netapp | cloud_backup | - | |
netapp | clustered_data_ontap | - | |
netapp | e-series_performance_analyzer | - | |
netapp | e-series_santricity_management_plug-ins | - | |
netapp | e-series_santricity_os_controller | * (11.0 through 11.50.2, inclusive) | |
netapp | e-series_santricity_storage_manager | - | |
netapp | e-series_santricity_web_services | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | plug-in_for_symantec_netbackup | - | |
netapp | santricity_unified_manager | - | |
netapp | steelstore_cloud_integrated_storage | - | |
oracle | jdk | 1.8.0 (update231) | |
fedoraproject | fedora | 31 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
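apple | icloud | * (before 7.13; windows) | |
apple | icloud | * (10.0 up to, but not including, 10.6; windows) | |
apple | itunes | * (before 12.9.6; windows) | |
apple | iphone_os | * (before 12.4) | |
apple | mac_os_x | 10.12.6 (security_update_2019-001) | |
apple | mac_os_x | 10.12.6 (security_update_2019-002) | |
apple | mac_os_x | 10.12.6 (security_update_2019-003) | |
apple | mac_os_x | 10.13.6 (security_update_2019-001) | |
apple | mac_os_x | 10.13.6 (security_update_2019-002) | |
apple | mac_os_x | 10.13.6 (security_update_2019-003) | |
apple | macos | * (10.4.6 up to, but not including, 10.14.6) | |
apple | tvos | * (before 12.4) | |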
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "433D435D-13D0-4EAA-ACD9-DD88DA712D00", "versionEndIncluding": "11.50.2", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": 
"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, 
{ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "086B8913-51FE-4FCA-AB2C-47541F2C3252", "versionEndExcluding": "7.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "71143206-77A6-4B8F-964B-FD4E00C1AE60", "versionEndExcluding": "10.6", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B", "versionEndExcluding": "12.9.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "78127EE5-23FE-4C66-B7EE-2CF3E19F0503", "versionEndExcluding": "12.4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "A0334DC1-4D8C-448C-84B3-310499118B44", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*", "matchCriteriaId": "F80F3626-D093-45F4-80A1-3DB1EC94E0F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A", "versionEndExcluding": "10.14.6", "versionStartIncluding": "10.4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6", "versionEndExcluding": "12.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." }, { "lang": "es", "value": "En el archivo numbers.c en libxslt versi\u00f3n 1.1.33, un tipo que contiene caracteres de agrupaci\u00f3n de una instrucci\u00f3n xsl:number era demasiado estrecho y una combinaci\u00f3n de car\u00e1cter/longitud no v\u00e1lida se pod\u00eda ser pasada a la funci\u00f3n xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados." 
} ], "id": "CVE-2019-13118", "lastModified": "2024-11-21T04:24:13.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T02:15:09.800", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], 
"url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210346" }, { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210348" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210351" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210353" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210356" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210357" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210358" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT210358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4164-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-843" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-01 14:41
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://secunia.com/advisories/31230 | ||
secalert@redhat.com | http://secunia.com/advisories/31310 | ||
secalert@redhat.com | http://secunia.com/advisories/31331 | ||
secalert@redhat.com | http://secunia.com/advisories/31363 | ||
secalert@redhat.com | http://secunia.com/advisories/31395 | ||
secalert@redhat.com | http://secunia.com/advisories/31399 | ||
secalert@redhat.com | http://secunia.com/advisories/32453 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200808-06.xml | ||
secalert@redhat.com | http://securityreason.com/securityalert/4078 | ||
secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306 | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1624 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:160 | ||
secalert@redhat.com | http://www.ocert.org/advisories/ocert-2008-009.html | Patch | |
secalert@redhat.com | http://www.ocert.org/patches/exslt_crypt.patch | Exploit, Patch | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0649.html | ||
secalert@redhat.com | http://www.scary.beasts.org/security/CESA-2008-003.html | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/494976/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/495018/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/497829/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/30467 | ||
secalert@redhat.com | http://www.securitytracker.com/id?1020596 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/usn-633-1 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2266/references | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/44141 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31230 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31310 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31331 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31363 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31395 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31399 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32453 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200808-06.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1624 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:160 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/advisories/ocert-2008-009.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/patches/exslt_crypt.patch | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0649.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.scary.beasts.org/security/CESA-2008-003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/494976/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495018/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/497829/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30467 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020596 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-633-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2266/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44141 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | 1.1.8 | |
xmlsoft | libxslt | 1.1.9 | |
xmlsoft | libxslt | 1.1.10 | |
xmlsoft | libxslt | 1.1.11 | |
xmlsoft | libxslt | 1.1.12 | |
xmlsoft | libxslt | 1.1.13 | |
xmlsoft | libxslt | 1.1.14 | |
xmlsoft | libxslt | 1.1.15 | |
xmlsoft | libxslt | 1.1.16 | |
xmlsoft | libxslt | 1.1.17 | |
xmlsoft | libxslt | 1.1.18 | |
xmlsoft | libxslt | 1.1.19 | |
xmlsoft | libxslt | 1.1.20 | |
xmlsoft | libxslt | 1.1.21 | |
xmlsoft | libxslt | 1.1.22 | |
xmlsoft | libxslt | 1.1.23 | |
xmlsoft | libxslt | 1.1.24 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*", 
"matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\"" }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en las funciones rc4 de (1) cifrado (aka exsltCryptoRc4EncryptFunction) y (2) descifrado (aka exsltCryptoRc4DecryptFunction) en crypto.c en libexslt en libxslt 1.1.8 hasta 1.1.24 permite a atacantes dependientes de contexto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero XML que contiene una larga cadena de caracteres como \"un argumento en la entrada XSL.\"" } ], "id": "CVE-2008-2935", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, 
"obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-08-01T14:41:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31230" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31310" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31331" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31363" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31395" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31399" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32453" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200808-06.xml" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/4078" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1624" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.ocert.org/advisories/ocert-2008-009.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.ocert.org/patches/exslt_crypt.patch" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html" }, { "source": "secalert@redhat.com", "url": "http://www.scary.beasts.org/security/CESA-2008-003.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded" }, { "source": "secalert@redhat.com", "url": 
"http://www.securityfocus.com/archive/1/497829/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30467" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020596" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-633-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2266/references" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ocert.org/advisories/ocert-2008-009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ocert.org/patches/exslt_crypt.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.scary.beasts.org/security/CESA-2008-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-633-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2266/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
References
Source | URL | Tags | |
---|---|---|---|
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://www.securityfocus.com/bid/91826 | Third Party Advisory, VDB Entry | |
product-security@apple.com | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
product-security@apple.com | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
product-security@apple.com | https://support.apple.com/HT206899 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206901 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206902 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206903 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206904 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206905 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91826 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206899 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206901 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206903 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206904 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206905 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9139DE10-DDA6-4BA8-AA13-A7009B63C08C", "versionEndExcluding": "1.1.29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1", "versionEndExcluding": "9.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9", "versionEndExcluding": "10.11.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA", "versionEndExcluding": "9.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109", "versionEndExcluding": "2.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9", "versionEndExcluding": "5.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114", "versionEndExcluding": "12.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612." }, { "lang": "es", "value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4607, CVE-2016-4608, CVE-2016-4610 y CVE-2016-4612." 
} ], "id": "CVE-2016-4609", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-22T02:59:32.977", "references": [ { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91826" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206904" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-03 19:15
Modified
2025-05-05 17:17
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
Source | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html | Release Notes, Vendor Advisory | |
chrome-cve-admin@google.com | https://crbug.com/1219209 | Issue Tracking, Patch, Vendor Advisory | |
chrome-cve-admin@google.com | https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html | Mailing List, Third Party Advisory | |
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/202310-23 | Third Party Advisory | |
chrome-cve-admin@google.com | https://www.debian.org/security/2022/dsa-5216 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1219209 | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5216 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
google | chrome | * | |
xmlsoft | libxslt | * | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | 9.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B0BF7DD-0FAE-4761-B2CD-7D14E83A7B6F", "versionEndExcluding": "91.0.4472.164", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E7A28AB-D5DA-4F00-9795-4DA4951B4E75", "versionEndExcluding": "1.1.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." 
}, { "lang": "es", "value": "Un uso de memoria previamente liberada en Blink XSLT en Google Chrome versiones anteriores a 91.0.4472.164, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n del mont\u00edculo (heap) por medio de una p\u00e1gina HTML dise\u00f1ada" } ], "id": "CVE-2021-30560", "lastModified": "2025-05-05T17:17:03.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2021-08-03T19:15:08.127", "references": [ { "source": 
"chrome-cve-admin@google.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/1219209" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-23" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/1219209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5216" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-10 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html | Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/04/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/04/23/5 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20191017-0001/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3947-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3947-2/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/04/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/04/23/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191017-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3947-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3947-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
oracle | jdk | 8.0 | |
netapp | active_iq_unified_manager | - | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | e-series_santricity_management_plug-ins | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_storage_manager | - | |
netapp | e-series_santricity_unified_manager | - | |
netapp | e-series_santricity_web_services_proxy | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | plug-in_for_symantec_netbackup | - | |
netapp | santricity_unified_manager | - | |
netapp | snapmanager | - | |
netapp | snapmanager | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 42.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E054BED-0DA0-4966-8B7F-E7DDFAAF892F", "versionEndIncluding": "1.1.33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*", "matchCriteriaId": "8594A5FB-33D0-422E-8F32-16ECF08DB45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF", "versionEndIncluding": "11.70.2", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." 
}, { "lang": "es", "value": "libxslt hasta la versi\u00f3n 1.1.33 permite omitir los mecanismos de protecci\u00f3n debido a que los llamadores de xsltCheckRead y xsltCheckWrite permiten acceso incluso despu\u00e9s de recibir el c\u00f3digo de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inv\u00e1lida y que se carga posteriormente." } ], "id": "CVE-2019-11068", "lastModified": "2024-11-21T04:20:28.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-10T20:29:01.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-04-12 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html | ||
secalert@redhat.com | http://secunia.com/advisories/52745 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/52805 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/52813 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/52884 | Vendor Advisory | |
secalert@redhat.com | http://www.debian.org/security/2013/dsa-2654 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2013:141 | ||
secalert@redhat.com | http://www.securitytracker.com/id/1028338 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1784-1 | ||
secalert@redhat.com | http://xmlsoft.org/XSLT/news.html | ||
secalert@redhat.com | https://bugzilla.gnome.org/show_bug.cgi?id=685328 | Exploit, Patch | |
secalert@redhat.com | https://bugzilla.gnome.org/show_bug.cgi?id=685330 | Patch | |
secalert@redhat.com | https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833 | Patch | |
secalert@redhat.com | https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d | Exploit, Patch | |
secalert@redhat.com | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107 | ||
secalert@redhat.com | https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | ||
secalert@redhat.com | https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52745 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52805 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52813 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52884 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2654 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:141 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1028338 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1784-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://xmlsoft.org/XSLT/news.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.gnome.org/show_bug.cgi?id=685328 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.gnome.org/show_bug.cgi?id=685330 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | * | |
xmlsoft | libxslt | 0.0.1 | |
xmlsoft | libxslt | 0.1.0 | |
xmlsoft | libxslt | 0.2.0 | |
xmlsoft | libxslt | 0.3.0 | |
xmlsoft | libxslt | 0.4.0 | |
xmlsoft | libxslt | 0.5.0 | |
xmlsoft | libxslt | 0.6.0 | |
xmlsoft | libxslt | 0.7.0 | |
xmlsoft | libxslt | 0.8.0 | |
xmlsoft | libxslt | 0.9.0 | |
xmlsoft | libxslt | 0.10.0 | |
xmlsoft | libxslt | 0.11.0 | |
xmlsoft | libxslt | 0.12.0 | |
xmlsoft | libxslt | 0.13.0 | |
xmlsoft | libxslt | 0.14.0 | |
xmlsoft | libxslt | 1.0.0 | |
xmlsoft | libxslt | 1.0.1 | |
xmlsoft | libxslt | 1.0.2 | |
xmlsoft | libxslt | 1.0.3 | |
xmlsoft | libxslt | 1.0.4 | |
xmlsoft | libxslt | 1.0.5 | |
xmlsoft | libxslt | 1.0.6 | |
xmlsoft | libxslt | 1.0.7 | |
xmlsoft | libxslt | 1.0.8 | |
xmlsoft | libxslt | 1.0.9 | |
xmlsoft | libxslt | 1.0.10 | |
xmlsoft | libxslt | 1.0.11 | |
xmlsoft | libxslt | 1.0.12 | |
xmlsoft | libxslt | 1.0.13 | |
xmlsoft | libxslt | 1.0.14 | |
xmlsoft | libxslt | 1.0.15 | |
xmlsoft | libxslt | 1.0.16 | |
xmlsoft | libxslt | 1.0.17 | |
xmlsoft | libxslt | 1.0.18 | |
xmlsoft | libxslt | 1.0.19 | |
xmlsoft | libxslt | 1.0.20 | |
xmlsoft | libxslt | 1.0.21 | |
xmlsoft | libxslt | 1.0.22 | |
xmlsoft | libxslt | 1.0.23 | |
xmlsoft | libxslt | 1.0.24 | |
xmlsoft | libxslt | 1.0.25 | |
xmlsoft | libxslt | 1.0.26 | |
xmlsoft | libxslt | 1.0.27 | |
xmlsoft | libxslt | 1.0.28 | |
xmlsoft | libxslt | 1.0.29 | |
xmlsoft | libxslt | 1.0.30 | |
xmlsoft | libxslt | 1.0.31 | |
xmlsoft | libxslt | 1.0.32 | |
xmlsoft | libxslt | 1.0.33 | |
xmlsoft | libxslt | 1.1.0 | |
xmlsoft | libxslt | 1.1.1 | |
xmlsoft | libxslt | 1.1.2 | |
xmlsoft | libxslt | 1.1.3 | |
xmlsoft | libxslt | 1.1.4 | |
xmlsoft | libxslt | 1.1.5 | |
xmlsoft | libxslt | 1.1.6 | |
xmlsoft | libxslt | 1.1.7 | |
xmlsoft | libxslt | 1.1.8 | |
xmlsoft | libxslt | 1.1.9 | |
xmlsoft | libxslt | 1.1.10 | |
xmlsoft | libxslt | 1.1.11 | |
xmlsoft | libxslt | 1.1.12 | |
xmlsoft | libxslt | 1.1.13 | |
xmlsoft | libxslt | 1.1.14 | |
xmlsoft | libxslt | 1.1.15 | |
xmlsoft | libxslt | 1.1.16 | |
xmlsoft | libxslt | 1.1.17 | |
xmlsoft | libxslt | 1.1.18 | |
xmlsoft | libxslt | 1.1.19 | |
xmlsoft | libxslt | 1.1.20 | |
xmlsoft | libxslt | 1.1.21 | |
xmlsoft | libxslt | 1.1.22 | |
xmlsoft | libxslt | 1.1.23 | |
xmlsoft | libxslt | 1.1.24 | |
xmlsoft | libxslt | 1.1.25 | |
xmlsoft | libxslt | 1.1.26 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A45AC51B-B71D-4F32-845F-8CADEDF658CE", "versionEndIncluding": "1.1.27", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E595672-2421-461D-87D9-328048B25050", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "956B09D6-C565-400E-A138-ED4A2BBC275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AD95682-DC9E-4F6F-AFAF-A76A5798CD6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "28E01474-EC8B-4664-8207-EC46C0175554", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5175CD5-1CA4-49A8-8CCD-586EFCD25D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0AB058A-BAF1-4F86-9F79-8C5A9A01DC0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1975FB9-2D07-418B-BB0B-782D068C0535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D10EDFCC-7A5B-4AE4-A213-494711975D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B4C26-6197-4C37-AABB-934EF4E37943", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBFA1BBF-D793-4E1C-82A5-4688675B542F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D71D19E-2679-42A1-81E4-CE1DE422CE7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7AD4CCA-3D5F-410F-A4C0-8722CE656E68", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xmlsoft:libxslt:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C0DDE39-304C-4F1B-B840-1CF3C970D3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FE5C85D-4044-413B-863A-25972FC6F669", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C4F412D-4DC9-4F36-9035-78F5977D0FCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "99186C70-8E36-45F9-8E42-4A08D2FDEF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03E48915-76B4-4788-B4AA-6B3B7746E397", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BFC5C699-6CDB-4C2C-8BD7-1F68AB0C5348", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3DB742-5752-408A-AD89-55032A2389B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A57E80C-5D45-4574-9944-AC0DA3620118", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CB7BA1B-9548-4D1C-8A10-34239120B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "86D10EDB-D8DF-4CA3-8799-D2646DEC802B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2B4EA931-6846-488F-AD33-FE9D04EF07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D67FD41-2404-4658-8D6B-4DBD4F471880", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A6F6DF1-2375-4389-B07D-FF486C3502CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0469B71F-2303-4072-9C54-2004A117E4C7", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1BDFD037-100A-4F3E-B114-E3F72BA17084", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "F2EDDE79-10ED-4465-ADEA-C989548BA314", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "C61F9034-C7F6-4430-A2AA-4A0C00A9747B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "68926A2D-5311-46CF-AF16-AC16F53CDE45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "B3CBA3E7-0BD1-41B2-BC17-D26BA825B983", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "E63AAA8C-84CB-40D9-85D3-B8E62B6304CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8C19E3F3-2B60-4356-B32A-64F39340FB68", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "34C904FE-A924-47B3-87DA-4F5A0BF1A398", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "AEE3321C-0865-4734-BB89-C3C4AAABBA61", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "684B2370-5265-4E85-BAE0-A987FA14F6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "46F05C32-8B19-4B6A-A02F-D5F96489979E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "A83D4930-CA0C-4BE0-BA05-A041F80AA6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F824E314-F658-463F-9A33-AA577EF8D4E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": 
"C0556BEA-0B5E-4EF7-9E7E-EF0A4323BFDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "4C09DB64-1D4B-4047-B76A-D249B8D0F55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "270B7D3F-2541-4E7C-B40C-2014BD3CA4DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "29159B77-EB1C-4DA3-9DD5-52113C353870", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "9D2878F7-0917-4A17-9CB3-3B644A9B8A26", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "E43B3CAF-65FA-417C-A8E5-04806C4C3709", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "26F9E2A6-19FC-41D4-9EB7-4FFCB152CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "8699DD77-22BD-4E8F-8210-956E7DCD805D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "FF265313-EB0B-4649-A432-E95DE0AEE4EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "555054F5-4C4C-4BD0-ADD9-2E8C55814D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14054A80-5975-48DA-A2B8-800ED3F17F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E39216FB-6A55-4C15-AEBA-AC68CFE8D184", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8F9F47F-76D2-44F7-93DE-045E5F05DF57", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBF5779A-EE67-4AA2-86EE-5F4534AF8EFD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xmlsoft:libxslt:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "04167292-B8A5-4CE2-AE7B-70FD2BDE5724", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A663FD5-6694-4203-A0B8-405121A6B346", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1614DAE5-A84E-4898-B9E0-E4F5DD5D17AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "493B79B8-74A0-4089-BBA5-435C3B549928", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.25:*:*:*:*:*:*:*", "matchCriteriaId": "FCE8B7B5-4C35-4F65-B891-80A207BA83D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.26:*:*:*:*:*:*:*", "matchCriteriaId": "147804D0-9C1A-4BD8-A800-0F2B7EA40FEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c." }, { "lang": "es", "value": "libxslt antes de v1.1.28 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda del sistema) mediante un atributo (1) match vac\u00edo en una clave XSL a la funci\u00f3n xsltAddKey en keys.c o (2) una variable no inicializada en la funci\u00f3n xsltDocumentFunction en functions.c." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2012-6139", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-04-12T22:55:01.007", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/52745" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52805" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52813" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52884" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2654" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028338" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1784-1" }, { "source": "secalert@redhat.com", "url": "http://xmlsoft.org/XSLT/news.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d" }, { "source": "secalert@redhat.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107" }, { "source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1784-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xmlsoft.org/XSLT/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-7995: Vulnerability from fkie_nvd
Published
2015-11-17 15:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html | Vendor Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html | Vendor Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html | Vendor Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html | ||
cve@mitre.org | http://www.debian.org/security/2016/dsa-3605 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/10/27/10 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/10/28/4 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/77325 | ||
cve@mitre.org | http://www.securitytracker.com/id/1034736 | ||
cve@mitre.org | http://www.securitytracker.com/id/1038623 | ||
cve@mitre.org | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1257962 | Exploit | |
cve@mitre.org | https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 | ||
cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 | ||
cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 | ||
cve@mitre.org | https://puppet.com/security/cve/cve-2015-7995 | ||
cve@mitre.org | https://support.apple.com/HT205729 | ||
cve@mitre.org | https://support.apple.com/HT205731 | ||
cve@mitre.org | https://support.apple.com/HT205732 | ||
cve@mitre.org | https://support.apple.com/HT206168 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3605 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/10/27/10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/10/28/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77325 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034736 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038623 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1257962 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://puppet.com/security/cve/cve-2015-7995 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT205729 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT205731 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT205732 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206168 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "66F0A17C-3DC1-4E8A-9291-DD97F386F40C", "versionEndIncluding": "9.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7F8660-36B3-469C-81AD-07B25B09E5D7", "versionEndIncluding": "10.11.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F", "versionEndIncluding": "2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812", "versionEndIncluding": "1.1.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue." }, { "lang": "es", "value": "La funci\u00f3n xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo XML manipulado, relacionado a un problema \u0027type confusion\u0027." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/843.html\"\u003eCWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\u003c/a\u003e", "id": "CVE-2015-7995", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-17T15:59:16.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/27/10" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/28/4" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/77325" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034736" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038623" }, { "source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962" }, { "source": "cve@mitre.org", "url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617" }, { "source": "cve@mitre.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "source": "cve@mitre.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "source": "cve@mitre.org", "url": "https://puppet.com/security/cve/cve-2015-7995" }, { "source": "cve@mitre.org", "url": "https://support.apple.com/HT205729" }, { "source": "cve@mitre.org", "url": "https://support.apple.com/HT205731" }, { "source": "cve@mitre.org", "url": "https://support.apple.com/HT205732" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/10/27/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/10/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/cve-2015-7995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT205729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT205731" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT205732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206168" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
References
Source | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://code.google.com/p/chromium/issues/detail?id=138672 | ||
chrome-cve-admin@google.com | http://code.google.com/p/chromium/issues/detail?id=140368 | ||
chrome-cve-admin@google.com | http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html | ||
chrome-cve-admin@google.com | http://secunia.com/advisories/50838 | ||
chrome-cve-admin@google.com | http://secunia.com/advisories/54886 | ||
chrome-cve-admin@google.com | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998 | ||
chrome-cve-admin@google.com | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log | ||
chrome-cve-admin@google.com | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123 | ||
chrome-cve-admin@google.com | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log | ||
chrome-cve-admin@google.com | http://support.apple.com/kb/HT5934 | ||
chrome-cve-admin@google.com | http://support.apple.com/kb/HT6001 | ||
chrome-cve-admin@google.com | http://www.debian.org/security/2012/dsa-2555 | ||
chrome-cve-admin@google.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 | ||
chrome-cve-admin@google.com | https://chromiumcodereview.appspot.com/10823168 | ||
chrome-cve-admin@google.com | https://chromiumcodereview.appspot.com/10830177 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=138672 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=140368 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50838 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54886 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log | ||
af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5934 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT6001 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2555 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://chromiumcodereview.appspot.com/10823168 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://chromiumcodereview.appspot.com/10830177 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | iphone_os | * | |
apple | iphone_os | 1.0.0 | |
apple | iphone_os | 1.0.1 | |
apple | iphone_os | 1.0.2 | |
apple | iphone_os | 1.1.0 | |
apple | iphone_os | 1.1.1 | |
apple | iphone_os | 1.1.2 | |
apple | iphone_os | 1.1.3 | |
apple | iphone_os | 1.1.4 | |
apple | iphone_os | 1.1.5 | |
apple | iphone_os | 2.0 | |
apple | iphone_os | 2.0.0 | |
apple | iphone_os | 2.0.1 | |
apple | iphone_os | 2.0.2 | |
apple | iphone_os | 2.1 | |
apple | iphone_os | 2.1.1 | |
apple | iphone_os | 2.2 | |
apple | iphone_os | 2.2.1 | |
apple | iphone_os | 3.0 | |
apple | iphone_os | 3.0.1 | |
apple | iphone_os | 3.1 | |
apple | iphone_os | 3.1.2 | |
apple | iphone_os | 3.1.3 | |
apple | iphone_os | 3.2 | |
apple | iphone_os | 3.2.1 | |
apple | iphone_os | 3.2.2 | |
apple | iphone_os | 4.0 | |
apple | iphone_os | 4.0.1 | |
apple | iphone_os | 4.0.2 | |
apple | iphone_os | 4.1 | |
apple | iphone_os | 4.2.1 | |
apple | iphone_os | 4.2.5 | |
apple | iphone_os | 4.2.8 | |
apple | iphone_os | 4.3.0 | |
apple | iphone_os | 4.3.1 | |
apple | iphone_os | 4.3.2 | |
apple | iphone_os | 4.3.3 | |
apple | iphone_os | 4.3.5 | |
apple | iphone_os | 5.0 | |
apple | iphone_os | 5.0.1 | |
apple | iphone_os | 5.1 | |
apple | iphone_os | 5.1.1 | |
apple | iphone_os | 6.0 | |
apple | iphone_os | 6.0.1 | |
apple | iphone_os | 6.0.2 | |
apple | iphone_os | 6.1 | |
apple | iphone_os | 6.1.2 | |
apple | iphone_os | 6.1.3 | |
google | chrome | * | |
google | chrome | 21.0.1180.0 | |
google | chrome | 21.0.1180.1 | |
google | chrome | 21.0.1180.2 | |
google | chrome | 21.0.1180.31 | |
google | chrome | 21.0.1180.32 | |
google | chrome | 21.0.1180.33 | |
google | chrome | 21.0.1180.34 | |
google | chrome | 21.0.1180.35 | |
google | chrome | 21.0.1180.36 | |
google | chrome | 21.0.1180.37 | |
google | chrome | 21.0.1180.38 | |
google | chrome | 21.0.1180.39 | |
google | chrome | 21.0.1180.41 | |
google | chrome | 21.0.1180.46 | |
google | chrome | 21.0.1180.47 | |
google | chrome | 21.0.1180.48 | |
google | chrome | 21.0.1180.49 | |
google | chrome | 21.0.1180.50 | |
google | chrome | 21.0.1180.51 | |
google | chrome | 21.0.1180.52 | |
google | chrome | 21.0.1180.53 | |
google | chrome | 21.0.1180.54 | |
google | chrome | 21.0.1180.55 | |
google | chrome | 21.0.1180.56 | |
google | chrome | 21.0.1180.57 | |
google | chrome | 21.0.1180.59 | |
google | chrome | 21.0.1180.60 | |
google | chrome | 21.0.1180.61 | |
google | chrome | 21.0.1180.62 | |
google | chrome | 21.0.1180.63 | |
google | chrome | 21.0.1180.64 | |
google | chrome | 21.0.1180.68 | |
google | chrome | 21.0.1180.69 | |
google | chrome | 21.0.1180.70 | |
google | chrome | 21.0.1180.71 | |
google | chrome | 21.0.1180.72 | |
google | chrome | 21.0.1180.73 | |
google | chrome | 21.0.1180.74 | |
google | chrome | 21.0.1180.75 | |
google | chrome | 21.0.1180.76 | |
google | chrome | 21.0.1180.77 | |
google | chrome | 21.0.1180.78 | |
google | chrome | 21.0.1180.79 | |
google | chrome | 21.0.1180.80 | |
google | chrome | 21.0.1180.81 | |
google | chrome | 21.0.1180.82 | |
google | chrome | 21.0.1180.83 | |
google | chrome | 21.0.1180.84 | |
google | chrome | 21.0.1180.85 | |
google | chrome | 21.0.1180.86 | |
google | chrome | 21.0.1180.87 | |
xmlsoft | libxslt | * | |
xmlsoft | libxslt | 1.1.8 | |
xmlsoft | libxslt | 1.1.9 | |
xmlsoft | libxslt | 1.1.10 | |
xmlsoft | libxslt | 1.1.11 | |
xmlsoft | libxslt | 1.1.12 | |
xmlsoft | libxslt | 1.1.13 | |
xmlsoft | libxslt | 1.1.14 | |
xmlsoft | libxslt | 1.1.15 | |
xmlsoft | libxslt | 1.1.16 | |
xmlsoft | libxslt | 1.1.17 | |
xmlsoft | libxslt | 1.1.18 | |
xmlsoft | libxslt | 1.1.19 | |
xmlsoft | libxslt | 1.1.20 | |
xmlsoft | libxslt | 1.1.21 | |
xmlsoft | libxslt | 1.1.22 | |
xmlsoft | libxslt | 1.1.23 | |
xmlsoft | libxslt | 1.1.24 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "D746FCB4-9ACA-425D-929F-F46EDDEC1B56", "versionEndIncluding": "6.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "06980521-B0EA-434D-89AD-A951EAF1D23F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3AE6A93-3977-4B32-B2F6-55C94387DDE3", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E78F1F2C-2BFF-4D55-A754-102D6C42081B", "vulnerable": 
true }, { "criteria": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0A4AF71-8E71-432A-B908-361DAF99F4B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEE0068D-C699-4646-9658-610409925A79", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87C215DD-BC98-4283-BF13-69556EF7CB78", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C1C3966E-C136-47A9-B5B4-70613756ED27", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "22AD2A1F-A637-47DE-A69F-DAE4ABDFA4BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6D398B8-821B-4DE9-ADF1-4983051F964C", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0CCE5F2-4D32-404B-BAAC-E64F11BD41FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E9EB400-8080-4519-ADE0-DF99113483AE", "versionEndIncluding": "21.0.1180.88", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*", "matchCriteriaId": "767C0C1A-EAC4-4F98-9E80-CFDA5069F118", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E2554F0-0DEB-41A0-A595-6A524F9EC001", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F542051-CEED-45A4-BB83-937069D07CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*", "matchCriteriaId": "AC926FFC-EF03-46F0-B5B5-02B34571D6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*", "matchCriteriaId": "24849FF0-F873-4365-9B82-F16AD7F4A291", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*", "matchCriteriaId": "8E784307-0538-4524-94EA-A88B1ABD0E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*", "matchCriteriaId": "5655EFE7-69CB-469F-A00A-D6F3F7F492E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*", "matchCriteriaId": "D3B22D68-9E32-4566-8ED1-F1CE87903F98", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*", "matchCriteriaId": "40DB1183-DFF5-4251-BCDF-2F7696ABBFA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*", "matchCriteriaId": "8BD5341A-E508-4E5B-B03F-677D97E5A464", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*", "matchCriteriaId": "E096479F-4C69-445A-8C2B-7201896F401B", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*", "matchCriteriaId": "25756B8C-FBEB-4D7F-99E6-EA7D27B07B39", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*", "matchCriteriaId": "41371794-2083-4188-90BE-506419DC0B82", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*", "matchCriteriaId": "51FF3E52-3E8E-4D2F-ABA3-B7D83219D723", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*", "matchCriteriaId": "981570FA-6B44-49A8-9C9B-7D5127E90F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*", "matchCriteriaId": "36D2B7FE-2B20-47CA-9B3C-B726E21659E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*", "matchCriteriaId": "858BDFA4-E9CB-4537-ABA7-4283318CA501", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*", "matchCriteriaId": "76D0CD04-8EF4-4B6A-BD4F-1DFCDDDD4DED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*", "matchCriteriaId": "9E912B5D-81F3-4A93-A0E6-B1CFDE2B46EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*", "matchCriteriaId": "B578A2BC-9360-428C-9AFE-DC9DB9E0A621", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*", "matchCriteriaId": "9DCB6048-5A18-4FD6-A21B-95B595CF943C", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*", "matchCriteriaId": "28882288-859D-425C-8BA3-F46D058B61D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*", "matchCriteriaId": "444AD7BB-FE0B-4A51-BA89-EE2647F4E8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*", "matchCriteriaId": "A0692DD3-562D-4BE7-BB61-1549EFFF9CD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*", "matchCriteriaId": "5FF70696-70A8-4DFA-A0C3-172A103F3F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*", "matchCriteriaId": "25241621-CBB0-4E39-B901-2F70EE476722", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*", "matchCriteriaId": "1355883C-C184-46C1-9CF7-AA59B0FC61B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*", "matchCriteriaId": "DB090D01-9F7E-49CF-8356-80CC03999121", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*", "matchCriteriaId": "A37AB354-581C-42CA-B8E9-9AEAC0B326AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*", "matchCriteriaId": "885EFC87-061C-4EEF-880A-68D7D53BACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*", "matchCriteriaId": "D58B0932-1DF3-4308-8D82-B20564E974F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*", 
"matchCriteriaId": "A8FAD1E6-788F-4295-BFD2-F3CE99B14934", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*", "matchCriteriaId": "DF8AB897-7A45-4360-AFA7-EB7C8690ADD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*", "matchCriteriaId": "9EF0FA83-C464-4270-A4E8-1441DF4ECFAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*", "matchCriteriaId": "86B70015-F651-467C-A846-5C97772D91EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*", "matchCriteriaId": "C07A549D-48EF-434C-ABBA-0FF7078060D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*", "matchCriteriaId": "B573E86E-3512-4DB9-911E-1B27A3BB69DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*", "matchCriteriaId": "D2BDB997-D125-4B5D-9680-9AED7D89FD0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*", "matchCriteriaId": "0BAF7E49-6795-4848-AADD-40D8B2D5F5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*", "matchCriteriaId": "B7B244B3-86E0-4E1D-96A5-E0B9B50F2ADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*", "matchCriteriaId": "A0FF1C67-9CB7-4C78-9F3C-C88AB5A6284D", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*", "matchCriteriaId": "3371BBF5-0B82-4005-96AE-9B604A2FA70B", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*", "matchCriteriaId": "5916EA0D-D763-4650-9AC4-A38C6E8EB052", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*", "matchCriteriaId": "443C5B0F-8FC6-40E3-AA95-BB8884176002", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*", "matchCriteriaId": "7CEE1054-F275-4C04-9F1E-994AD053827A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*", "matchCriteriaId": "FA50A727-8EBA-4E97-A003-FAA2258D9128", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*", "matchCriteriaId": "DEFF35D2-661A-4FCC-AB31-D354D1F204F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*", "matchCriteriaId": "150E8749-5A22-4834-A165-1F9FAFE3F91D", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*", "matchCriteriaId": "DF534291-1F7A-486D-9574-CA9E734DBC6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*", "matchCriteriaId": "A9ACB74A-3F0C-44FE-BC9D-4993AD58064F", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*", "matchCriteriaId": "D1BF669C-3DAD-46B6-B2B9-A226CAC7B0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0", "versionEndIncluding": "1.1.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the 
xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c." }, { "lang": "es", "value": "libxslt v1.1.26 y anteriores, tal como se utiliza en Google Chrome anterior a v21.0.1180.89, no gestiona adecuadamente la memoria, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una elaborada expresi\u00f3n XSLT que no est\u00e9 debidamente identificado durante XPath navegaci\u00f3n, en relaci\u00f3n con (1) la funci\u00f3n xsltCompileLocationPathPattern en libxslt / pattern.c y (2) la funci\u00f3n xsltGenerateIdFunction en libxslt / functions.c." } ], "id": "CVE-2012-2870", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-31T19:55:01.077", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://code.google.com/p/chromium/issues/detail?id=138672" }, { "source": "chrome-cve-admin@google.com", "url": "http://code.google.com/p/chromium/issues/detail?id=140368" }, { "source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "source": "chrome-cve-admin@google.com", "url": 
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/50838" }, { "source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/54886" }, { "source": "chrome-cve-admin@google.com", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998" }, { "source": "chrome-cve-admin@google.com", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log" }, { "source": "chrome-cve-admin@google.com", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123" }, { "source": "chrome-cve-admin@google.com", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log" }, { "source": "chrome-cve-admin@google.com", "url": "http://support.apple.com/kb/HT5934" }, { "source": "chrome-cve-admin@google.com", "url": "http://support.apple.com/kb/HT6001" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2012/dsa-2555" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "source": "chrome-cve-admin@google.com", "url": "https://chromiumcodereview.appspot.com/10823168" }, { "source": "chrome-cve-admin@google.com", "url": "https://chromiumcodereview.appspot.com/10830177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/chromium/issues/detail?id=138672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/chromium/issues/detail?id=140368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT6001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromiumcodereview.appspot.com/10823168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://chromiumcodereview.appspot.com/10830177" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-11 01:15
Modified
2024-11-21 04:45
Severity ?
Summary
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
References
Source | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | https://bugs.chromium.org/p/chromium/issues/detail?id=930663 | ||
chrome-cve-admin@google.com | https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b | ||
chrome-cve-admin@google.com | https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/chromium/issues/detail?id=930663 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | * | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB1EA275-4F5D-4669-9751-4E40AEF0B97C", "versionEndExcluding": "1.1.33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data." }, { "lang": "es", "value": "Una confusi\u00f3n de tipo en la funci\u00f3n xsltNumberFormatGetMultipleLevel versiones anteriores a libxslt versi\u00f3n 1.1.33, podr\u00eda permitir a atacantes explotar potencialmente la corrupci\u00f3n de la pila por medio de datos XML dise\u00f1ados." } ], "id": "CVE-2019-5815", "lastModified": "2024-11-21T04:45:33.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-11T01:15:10.537", "references": [ { "source": "chrome-cve-admin@google.com", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "source": "chrome-cve-admin@google.com", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "source": "chrome-cve-admin@google.com", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" }, { "lang": "en", "value": "CWE-843" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-14 20:55
Modified
2025-04-11 00:51
Summary
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://seclists.org/oss-sec/2013/q4/238 | Patch | |
secalert@redhat.com | http://seclists.org/oss-sec/2013/q4/239 | Patch | |
secalert@redhat.com | http://secunia.com/advisories/56072 | Vendor Advisory | |
secalert@redhat.com | http://www.osvdb.org/99671 | ||
secalert@redhat.com | https://bugzilla.novell.com/show_bug.cgi?id=849019 | Exploit, Patch | |
secalert@redhat.com | https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa | Exploit, Patch | |
secalert@redhat.com | https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | ||
secalert@redhat.com | https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2013/q4/238 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2013/q4/239 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56072 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/99671 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=849019 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | * | |
xmlsoft | libxslt | 0.0.1 | |
xmlsoft | libxslt | 0.1.0 | |
xmlsoft | libxslt | 0.2.0 | |
xmlsoft | libxslt | 0.3.0 | |
xmlsoft | libxslt | 0.4.0 | |
xmlsoft | libxslt | 0.5.0 | |
xmlsoft | libxslt | 0.6.0 | |
xmlsoft | libxslt | 0.7.0 | |
xmlsoft | libxslt | 0.8.0 | |
xmlsoft | libxslt | 0.9.0 | |
xmlsoft | libxslt | 0.10.0 | |
xmlsoft | libxslt | 0.11.0 | |
xmlsoft | libxslt | 0.12.0 | |
xmlsoft | libxslt | 0.13.0 | |
xmlsoft | libxslt | 0.14.0 | |
xmlsoft | libxslt | 1.0.0 | |
xmlsoft | libxslt | 1.0.1 | |
xmlsoft | libxslt | 1.0.2 | |
xmlsoft | libxslt | 1.0.3 | |
xmlsoft | libxslt | 1.0.4 | |
xmlsoft | libxslt | 1.0.5 | |
xmlsoft | libxslt | 1.0.6 | |
xmlsoft | libxslt | 1.0.7 | |
xmlsoft | libxslt | 1.0.8 | |
xmlsoft | libxslt | 1.0.9 | |
xmlsoft | libxslt | 1.0.10 | |
xmlsoft | libxslt | 1.0.11 | |
xmlsoft | libxslt | 1.0.12 | |
xmlsoft | libxslt | 1.0.13 | |
xmlsoft | libxslt | 1.0.14 | |
xmlsoft | libxslt | 1.0.15 | |
xmlsoft | libxslt | 1.0.16 | |
xmlsoft | libxslt | 1.0.17 | |
xmlsoft | libxslt | 1.0.18 | |
xmlsoft | libxslt | 1.0.19 | |
xmlsoft | libxslt | 1.0.20 | |
xmlsoft | libxslt | 1.0.21 | |
xmlsoft | libxslt | 1.0.22 | |
xmlsoft | libxslt | 1.0.23 | |
xmlsoft | libxslt | 1.0.24 | |
xmlsoft | libxslt | 1.0.25 | |
xmlsoft | libxslt | 1.0.26 | |
xmlsoft | libxslt | 1.0.27 | |
xmlsoft | libxslt | 1.0.28 | |
xmlsoft | libxslt | 1.0.29 | |
xmlsoft | libxslt | 1.0.30 | |
xmlsoft | libxslt | 1.0.31 | |
xmlsoft | libxslt | 1.0.32 | |
xmlsoft | libxslt | 1.0.33 | |
xmlsoft | libxslt | 1.1.0 | |
xmlsoft | libxslt | 1.1.1 | |
xmlsoft | libxslt | 1.1.2 | |
xmlsoft | libxslt | 1.1.3 | |
xmlsoft | libxslt | 1.1.4 | |
xmlsoft | libxslt | 1.1.5 | |
xmlsoft | libxslt | 1.1.6 | |
xmlsoft | libxslt | 1.1.7 | |
xmlsoft | libxslt | 1.1.8 | |
xmlsoft | libxslt | 1.1.9 | |
xmlsoft | libxslt | 1.1.10 | |
xmlsoft | libxslt | 1.1.11 | |
xmlsoft | libxslt | 1.1.12 | |
xmlsoft | libxslt | 1.1.13 | |
xmlsoft | libxslt | 1.1.14 | |
xmlsoft | libxslt | 1.1.15 | |
xmlsoft | libxslt | 1.1.16 | |
xmlsoft | libxslt | 1.1.17 | |
xmlsoft | libxslt | 1.1.18 | |
xmlsoft | libxslt | 1.1.19 | |
xmlsoft | libxslt | 1.1.20 | |
xmlsoft | libxslt | 1.1.21 | |
xmlsoft | libxslt | 1.1.22 | |
xmlsoft | libxslt | 1.1.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CB5BF4A-58DB-4329-A89A-B11F4663B059", "versionEndIncluding": "1.1.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E595672-2421-461D-87D9-328048B25050", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "956B09D6-C565-400E-A138-ED4A2BBC275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AD95682-DC9E-4F6F-AFAF-A76A5798CD6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "28E01474-EC8B-4664-8207-EC46C0175554", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5175CD5-1CA4-49A8-8CCD-586EFCD25D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0AB058A-BAF1-4F86-9F79-8C5A9A01DC0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1975FB9-2D07-418B-BB0B-782D068C0535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D10EDFCC-7A5B-4AE4-A213-494711975D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B4C26-6197-4C37-AABB-934EF4E37943", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBFA1BBF-D793-4E1C-82A5-4688675B542F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D71D19E-2679-42A1-81E4-CE1DE422CE7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7AD4CCA-3D5F-410F-A4C0-8722CE656E68", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xmlsoft:libxslt:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C0DDE39-304C-4F1B-B840-1CF3C970D3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FE5C85D-4044-413B-863A-25972FC6F669", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C4F412D-4DC9-4F36-9035-78F5977D0FCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "99186C70-8E36-45F9-8E42-4A08D2FDEF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03E48915-76B4-4788-B4AA-6B3B7746E397", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BFC5C699-6CDB-4C2C-8BD7-1F68AB0C5348", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3DB742-5752-408A-AD89-55032A2389B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A57E80C-5D45-4574-9944-AC0DA3620118", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CB7BA1B-9548-4D1C-8A10-34239120B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "86D10EDB-D8DF-4CA3-8799-D2646DEC802B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2B4EA931-6846-488F-AD33-FE9D04EF07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D67FD41-2404-4658-8D6B-4DBD4F471880", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A6F6DF1-2375-4389-B07D-FF486C3502CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0469B71F-2303-4072-9C54-2004A117E4C7", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1BDFD037-100A-4F3E-B114-E3F72BA17084", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "F2EDDE79-10ED-4465-ADEA-C989548BA314", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "C61F9034-C7F6-4430-A2AA-4A0C00A9747B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "68926A2D-5311-46CF-AF16-AC16F53CDE45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "B3CBA3E7-0BD1-41B2-BC17-D26BA825B983", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "E63AAA8C-84CB-40D9-85D3-B8E62B6304CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8C19E3F3-2B60-4356-B32A-64F39340FB68", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "34C904FE-A924-47B3-87DA-4F5A0BF1A398", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "AEE3321C-0865-4734-BB89-C3C4AAABBA61", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "684B2370-5265-4E85-BAE0-A987FA14F6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "46F05C32-8B19-4B6A-A02F-D5F96489979E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "A83D4930-CA0C-4BE0-BA05-A041F80AA6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F824E314-F658-463F-9A33-AA577EF8D4E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": 
"C0556BEA-0B5E-4EF7-9E7E-EF0A4323BFDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "4C09DB64-1D4B-4047-B76A-D249B8D0F55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "270B7D3F-2541-4E7C-B40C-2014BD3CA4DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "29159B77-EB1C-4DA3-9DD5-52113C353870", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "9D2878F7-0917-4A17-9CB3-3B644A9B8A26", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "E43B3CAF-65FA-417C-A8E5-04806C4C3709", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "26F9E2A6-19FC-41D4-9EB7-4FFCB152CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "8699DD77-22BD-4E8F-8210-956E7DCD805D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "FF265313-EB0B-4649-A432-E95DE0AEE4EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "555054F5-4C4C-4BD0-ADD9-2E8C55814D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14054A80-5975-48DA-A2B8-800ED3F17F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E39216FB-6A55-4C15-AEBA-AC68CFE8D184", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8F9F47F-76D2-44F7-93DE-045E5F05DF57", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBF5779A-EE67-4AA2-86EE-5F4534AF8EFD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xmlsoft:libxslt:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "04167292-B8A5-4CE2-AE7B-70FD2BDE5724", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A663FD5-6694-4203-A0B8-405121A6B346", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1614DAE5-A84E-4898-B9E0-E4F5DD5D17AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "493B79B8-74A0-4089-BBA5-435C3B549928", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825." }, { "lang": "es", "value": "xslt.c en libxslt anterior a 1.1.25 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una hoja de estilo embebida en una DTD, lo que hace que una estructura sea accesible como un tipo diferente. NOTA: este problema se debe a una soluci\u00f3n incompleta de CVE-2012-2825." 
} ], "id": "CVE-2013-4520", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-14T20:55:03.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2013/q4/238" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2013/q4/239" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56072" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/99671" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=849019" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" }, { "source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2013/q4/238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2013/q4/239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/56072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/99671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=849019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-24 23:59
Modified
2025-04-20 01:37
Summary
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
▶ | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://rhn.redhat.com/errata/RHSA-2017-0499.html | ||
chrome-cve-admin@google.com | http://www.debian.org/security/2017/dsa-3810 | ||
chrome-cve-admin@google.com | http://www.securityfocus.com/bid/96767 | ||
chrome-cve-admin@google.com | http://www.securitytracker.com/id/1038157 | ||
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | ||
chrome-cve-admin@google.com | https://crbug.com/676623 | ||
chrome-cve-admin@google.com | https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0499.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3810 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96767 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038157 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/676623 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
google | chrome | * | |
apple | macos | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
google | chrome | * | |
google | android | - | |
xmlsoft | libxslt | 1.1.29 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B9559EF-FA8D-4452-BD04-243F0BD5389D", "versionEndIncluding": "57.0.2987.75", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "78D4802A-D418-48B0-AB99-B9F28C66F6C4", "versionEndIncluding": "57.0.2987.100", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.29:*:*:*:*:*:*:*", "matchCriteriaId": "B6D4ECDC-5CA4-48D6-B41E-DAB606A5C403", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true 
}, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page." }, { "lang": "es", "value": "La funci\u00f3n xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, carec\u00eda de una comprobaci\u00f3n de desbordamiento de entero durante un c\u00e1lculo de tama\u00f1o, lo que permite a un atacante remoto realizar una escritura de memoria fuera de l\u00edmites a trav\u00e9s de una p\u00e1gina HTML dise\u00f1ada." 
} ], "id": "CVE-2017-5029", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-24T23:59:00.157", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/96767" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1038157" }, { "source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "source": "chrome-cve-admin@google.com", "url": "https://crbug.com/676623" }, { "source": "chrome-cve-admin@google.com", "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/676623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-05 23:59
Modified
2025-04-12 10:46
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
References
▶ | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html | ||
chrome-cve-admin@google.com | http://www.debian.org/security/2016/dsa-3590 | ||
chrome-cve-admin@google.com | http://www.debian.org/security/2016/dsa-3605 | ||
chrome-cve-admin@google.com | http://www.securityfocus.com/bid/90876 | ||
chrome-cve-admin@google.com | http://www.securityfocus.com/bid/91826 | ||
chrome-cve-admin@google.com | http://www.securitytracker.com/id/1035981 | ||
chrome-cve-admin@google.com | http://www.ubuntu.com/usn/USN-2992-1 | ||
chrome-cve-admin@google.com | https://access.redhat.com/errata/RHSA-2016:1190 | ||
chrome-cve-admin@google.com | https://bugzilla.redhat.com/show_bug.cgi?id=1340016 | ||
chrome-cve-admin@google.com | https://crbug.com/583156 | ||
chrome-cve-admin@google.com | https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 | ||
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201607-07 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206899 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206901 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206902 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206903 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206904 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206905 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3590 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3605 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/90876 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91826 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035981 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2992-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1190 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1340016 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/583156 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-07 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206899 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206901 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206902 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206903 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206904 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206905 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxslt | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
canonical | ubuntu_linux | 16.04 | |
debian | debian_linux | 8.0 | |
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.2 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
suse | linux_enterprise | 12.0 | |
google | chrome | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812", "versionEndIncluding": "1.1.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "D80D4D1E-C218-4105-8DB1-1D6BCC693F23", 
"versionEndIncluding": "50.0.2661.102", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document." }, { "lang": "es", "value": "numbers.c in libxslt en verisones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente los nodos de espacio de nombres, lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (acceso a memoria din\u00e1mica fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de un documento manipulado." } ], "id": "CVE-2016-1683", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2016-06-05T23:59:12.227", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3590" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/90876" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/91826" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1035981" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "source": "chrome-cve-admin@google.com", "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "source": "chrome-cve-admin@google.com", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1340016" }, { "source": "chrome-cve-admin@google.com", "url": "https://crbug.com/583156" }, { "source": "chrome-cve-admin@google.com", "url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242" }, { "source": "chrome-cve-admin@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201607-07" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206899" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206901" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206902" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206903" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206904" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/583156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201607-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206901" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206905" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2025-04-12 10:46
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
References
Source | URL | Tags | |
---|---|---|---|
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
product-security@apple.com | http://www.securityfocus.com/bid/91826 | Third Party Advisory, VDB Entry | |
product-security@apple.com | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
product-security@apple.com | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
product-security@apple.com | https://support.apple.com/HT206899 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206901 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206902 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206903 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206904 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT206905 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91826 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036348 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206899 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206901 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206903 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206904 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206905 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9139DE10-DDA6-4BA8-AA13-A7009B63C08C", "versionEndExcluding": "1.1.29", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1", "versionEndExcluding": "9.3.3", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9", "versionEndExcluding": "10.11.6", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA", "versionEndExcluding": "9.2.2", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109", "versionEndExcluding": "2.2.2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9", "versionEndExcluding": "5.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114", "versionEndExcluding": "12.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612." }, { "lang": "es", "value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4607, CVE-2016-4608, CVE-2016-4609 y CVE-2016-4612." 
} ], "id": "CVE-2016-4610", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-22T02:59:34.180", "references": [ { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": 
"http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91826" }, { "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "product-security@apple.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206904" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206905" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-11 02:01
Modified
2025-04-11 00:51
Summary
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code.google.com/p/chromium/issues/detail?id=73716 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | http://downloads.avaya.com/css/P8/documents/100144158 | Third Party Advisory | |
cve@mitre.org | http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f | Patch, Third Party Advisory | |
cve@mitre.org | http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html | Vendor Advisory | |
cve@mitre.org | http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/46785 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0628 | Permissions Required | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=684386 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=73716 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.avaya.com/css/P8/documents/100144158 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46785 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0628 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=684386 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7AD8B5C-C973-4445-B111-716D9814CE79", "versionEndExcluding": "10.0.648.127", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0", "versionEndIncluding": "1.1.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." }, { "lang": "es", "value": "Vulnerabilidad no especificada en la implementaci\u00f3n XSLT en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las direcciones de memoria en el mont\u00f3n mediante vectores desconocidos." 
} ], "id": "CVE-2011-1202", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-03-11T02:01:20.200", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "http://code.google.com/p/chromium/issues/detail?id=73716" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://downloads.avaya.com/css/P8/documents/100144158" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/46785" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": 
"http://www.vupen.com/english/advisories/2011/0628" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "http://code.google.com/p/chromium/issues/detail?id=73716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://downloads.avaya.com/css/P8/documents/100144158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/46785" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": 
"http://www.vupen.com/english/advisories/2011/0628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-02-09 04:10
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P; source nvd@nist.gov)
Summary
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://code.google.com/p/chromium/issues/detail?id=110277 | ||
chrome-cve-admin@google.com | http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html | ||
chrome-cve-admin@google.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818 | ||
chrome-cve-admin@google.com | https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | ||
chrome-cve-admin@google.com | https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=110277 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
google | chrome | * (before 17.0.963.46) | |
xmlsoft | libxslt | * (through 1.1.26) | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
suse | linux_enterprise_software_development_kit | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3785615-314D-46D8-8894-3554935C569A", "versionEndExcluding": "17.0.963.46", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0", "versionEndIncluding": "1.1.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." }, { "lang": "es", "value": "libxslt, tal y como se utiliza en Google Chrome antes de v17.0.963.46, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2011-3970", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-02-09T04:10:29.177", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://code.google.com/p/chromium/issues/detail?id=110277" }, { "source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" }, { "source": "chrome-cve-admin@google.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818" }, { "source": "chrome-cve-admin@google.com", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "source": "chrome-cve-admin@google.com", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/chromium/issues/detail?id=110277" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-05 21:59
Modified
2025-04-20 01:37
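Severity
MEDIUM (CVSS v3.0 base score 5.3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N; source nvd@nist.gov)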
Summary
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.gnome.org/show_bug.cgi?id=758400 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=934119 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.gnome.org/show_bug.cgi?id=758400 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=934119 | Issue Tracking, Patch, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F61C01E-4FE8-4543-9BB7-BC8929689BCB", "versionEndIncluding": "1.1.29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs." }, { "lang": "es", "value": "En libxslt 1.1.29 y anteriores, la funci\u00f3n EXSLT math.random no se inici\u00f3 con una seed aleatoria durante el arranque, lo que podr\u00eda hacer que el uso de esta funci\u00f3n produzca salidas predecibles." } ], "id": "CVE-2015-9019", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-05T21:59:00.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue 
Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=934119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=934119" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-03 03:15
Modified
2024-11-21 06:59
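Severity
MEDIUM (CVSS v3.1 base score 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P; source nvd@nist.gov)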
Summary
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab | Patch, Third Party Advisory | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd | Patch, Third Party Advisory | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 | Release Notes, Third Party Advisory | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/libxslt/-/tags | Product, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202210-03 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20220715-0006/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2022/dsa-5142 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxslt/-/tags | Product, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202210-03 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220715-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5142 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xmlsoft | libxml2 | * (before 2.9.14) | |
xmlsoft | libxslt | * (through 1.1.35) | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | active_iq_unified_manager | - | |
netapp | clustered_data_ontap | - | |
netapp | clustered_data_ontap_antivirus_connector | - | |
netapp | manageability_software_development_kit | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | smi-s_provider | - | |
netapp | snapdrive | - | |
netapp | snapmanager | - | |
netapp | solidfire_\&_hci_management_node | - | |
oracle | zfs_storage_appliance_kit | 8.8 | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "89C29E70-5CC5-43AF-8373-9E7AD6F2F700", "versionEndExcluding": "2.9.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C8E0B72-62EC-47B5-9957-4DC840F5E968", "versionEndIncluding": "1.1.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*", "matchCriteriaId": "80774A35-B0B8-4F9C-99CA-23849978D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", 
"vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well." 
}, { "lang": "es", "value": "En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de b\u00faferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbordamientos de enteros. Esto puede resultar en escrituras de memoria fuera de l\u00edmites. La explotaci\u00f3n requiere que la v\u00edctima abra un archivo XML dise\u00f1ado de varios gigabytes. Otro software usando las funciones de b\u00fafer de libxml2, por ejemplo libxslt versiones hasta 1.1.35, tambi\u00e9n est\u00e1 afectado" } ], "id": "CVE-2022-29824", "lastModified": "2024-11-21T06:59:45.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-03T03:15:06.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5142" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", 
"Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-03" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-05 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
References
▶ | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | ||
chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html | ||
chrome-cve-admin@google.com | http://www.debian.org/security/2016/dsa-3590 | ||
chrome-cve-admin@google.com | http://www.debian.org/security/2016/dsa-3605 | ||
chrome-cve-admin@google.com | http://www.securityfocus.com/bid/90876 | ||
chrome-cve-admin@google.com | http://www.securitytracker.com/id/1035981 | ||
chrome-cve-admin@google.com | http://www.ubuntu.com/usn/USN-2992-1 | ||
chrome-cve-admin@google.com | https://access.redhat.com/errata/RHSA-2016:1190 | ||
chrome-cve-admin@google.com | https://bugzilla.redhat.com/show_bug.cgi?id=1340017 | ||
chrome-cve-admin@google.com | https://crbug.com/583171 | ||
chrome-cve-admin@google.com | https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d | ||
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201607-07 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206899 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206901 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206902 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206903 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206904 | ||
chrome-cve-admin@google.com | https://support.apple.com/HT206905 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3590 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3605 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/90876 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035981 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2992-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1190 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1340017 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/583171 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-07 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206899 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206901 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206902 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206903 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206904 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206905 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "D80D4D1E-C218-4105-8DB1-1D6BCC693F23", "versionEndIncluding": "50.0.2661.102", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812", "versionEndIncluding": "1.1.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document." }, { "lang": "es", "value": "numbers.c en libxslt en versiones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente el token de formato i para datos xsl:number, lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (desbordamiento de entero o consumo de recursos) o posiblemente tener otro impacto no especificado a trav\u00e9s de un documento manipulado." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/190.html\"\u003eCWE-190: Integer Overflow or Wraparound\u003c/a\u003e", "id": "CVE-2016-1684", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-05T23:59:13.117", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": 
"chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3590" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/90876" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1035981" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2992-1" }, { "source": "chrome-cve-admin@google.com", "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "source": "chrome-cve-admin@google.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017" }, { "source": "chrome-cve-admin@google.com", "url": "https://crbug.com/583171" }, { "source": "chrome-cve-admin@google.com", "url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d" }, { "source": "chrome-cve-admin@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201607-07" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206899" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206901" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206902" }, { "source": 
"chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206903" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206904" }, { "source": "chrome-cve-admin@google.com", "url": "https://support.apple.com/HT206905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-2992-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/583171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201607-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT206905" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }