CVE-2011-3970

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

References

http://code.google.com/p/chromium/issues/detail?id=110277

http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818

https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html

https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

Details

Source: MITRE

Published: 2012-02-09

Updated: 2020-09-09

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
89661VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)NessusMisc.
critical
75939openSUSE Security Update : libxslt (openSUSE-SU-2012:0343-1)NessusSuSE Local Security Checks
medium
74563openSUSE Security Update : chromium / v8 (openSUSE-2012-142)NessusSuSE Local Security Checks
high
74544openSUSE Security Update : libxslt (openSUSE-2012-108)NessusSuSE Local Security Checks
medium
70886ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)NessusMisc.
medium
70843SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501)NessusSuSE Local Security Checks
medium
69613Amazon Linux AMI : libxslt (ALAS-2012-123)NessusAmazon Linux Local Security Checks
medium
68622Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265)NessusOracle Linux Local Security Checks
medium
64642VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party librariesNessusVMware ESX Local Security Checks
critical
63195Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716)NessusFedora Local Security Checks
medium
62435Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1)NessusUbuntu Local Security Checks
medium
62328Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083)NessusFedora Local Security Checks
medium
62326Fedora 16 : libxslt-1.1.26-9.fc16 (2012-14048)NessusFedora Local Security Checks
medium
62107Scientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64 (20120913)NessusScientific Linux Local Security Checks
medium
62090RHEL 5 / 6 : libxslt (RHSA-2012:1265)NessusRed Hat Local Security Checks
medium
62085CentOS 5 / 6 : libxslt (CESA-2012:1265)NessusCentOS Local Security Checks
medium
58616SuSE 10 Security Update : libxslt (ZYPP Patch Number 8019)NessusSuSE Local Security Checks
medium
58588SuSE 11.1 Security Update : libxslt (SAT Patch Number 5810)NessusSuSE Local Security Checks
medium
58218GLSA-201203-08 : libxslt: Denial of ServiceNessusGentoo Local Security Checks
medium
58178Mandriva Linux Security Advisory : libxslt (MDVSA-2012:028)NessusMandriva Local Security Checks
medium
58025GLSA-201202-01 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
57883FreeBSD : chromium -- multiple vulnerabilities (fe1976c2-5317-11e1-9e99-00262d5ed8ee)NessusFreeBSD Local Security Checks
high
57876Google Chrome < 17.0.963.46 Multiple VulnerabilitiesNessusWindows
high
800936Google Chrome < 17.0.963.46 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6312Google Chrome < 17.0.963.46 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high