CVE-2012-2870

MEDIUM

Description

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

References

http://code.google.com/p/chromium/issues/detail?id=138672

http://code.google.com/p/chromium/issues/detail?id=140368

http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html

http://secunia.com/advisories/50838

http://secunia.com/advisories/54886

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log

http://support.apple.com/kb/HT5934

http://support.apple.com/kb/HT6001

http://www.debian.org/security/2012/dsa-2555

http://www.mandriva.com/security/advisories?name=MDVSA-2012:164

https://chromiumcodereview.appspot.com/10823168

https://chromiumcodereview.appspot.com/10830177

Details

Source: MITRE

Published: 2012-08-31

Updated: 2014-01-28

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 6.1.4 (inclusive)

Configuration 2

OR

cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 21.0.1180.88 (inclusive)

cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* versions up to 1.1.26 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
89661 | VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check) | Nessus | Misc. | critical
80695 | Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt) | Nessus | Solaris Local Security Checks | medium
74759 | openSUSE Security Update : chromium (openSUSE-SU-2012:1215-1) | Nessus | SuSE Local Security Checks | high
72105 | Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high
72104 | Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high
71907 | GLSA-201401-07 : libxslt: Denial of Service | Nessus | Gentoo Local Security Checks | medium
70886 | ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check) | Nessus | Misc. | medium
70589 | Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high
70588 | Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high
70257 | Apple TV < 6.0 Multiple Vulnerabilities | Nessus | Misc. | high
69984 | Apple iOS < 7 Multiple Vulnerabilities | Nessus | Mobile Devices | high
69613 | Amazon Linux AMI : libxslt (ALAS-2012-123) | Nessus | Amazon Linux Local Security Checks | medium
68622 | Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265) | Nessus | Oracle Linux Local Security Checks | medium
66061 | Mandriva Linux Security Advisory : libxslt (MDVSA-2013:047) | Nessus | Mandriva Local Security Checks | medium
64642 | VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries | Nessus | VMware ESX Local Security Checks | critical
8095 | iTunes for Windows < 11.1.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
63195 | Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716) | Nessus | Fedora Local Security Checks | medium
62504 | Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164) | Nessus | Mandriva Local Security Checks | medium
62440 | Debian DSA-2555-1 : libxslt - several vulnerabilities | Nessus | Debian Local Security Checks | medium
62435 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1) | Nessus | Ubuntu Local Security Checks | medium
62328 | Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083) | Nessus | Fedora Local Security Checks | medium
62326 | Fedora 16 : libxslt-1.1.26-9.fc16 (2012-14048) | Nessus | Fedora Local Security Checks | medium
62107 | Scientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64 (20120913) | Nessus | Scientific Linux Local Security Checks | medium
62090 | RHEL 5 / 6 : libxslt (RHSA-2012:1265) | Nessus | Red Hat Local Security Checks | medium
62085 | CentOS 5 / 6 : libxslt (CESA-2012:1265) | Nessus | CentOS Local Security Checks | medium
800953 | Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
6563 | Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
61774 | Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | Nessus | Windows | high
61744 | FreeBSD : chromium -- multiple vulnerabilities (ee68923d-f2f5-11e1-8014-00262d5ed8ee) | Nessus | FreeBSD Local Security Checks | high
8013 | Apple iOS < 7.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical