CVE-2012-2893

MEDIUM

Description

Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.

References

http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556

http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html

http://secunia.com/advisories/50838

http://www.debian.org/security/2012/dsa-2555

http://www.mandriva.com/security/advisories?name=MDVSA-2012:164

https://chromiumcodereview.appspot.com/10919019

https://code.google.com/p/chromium/issues/detail?id=144799

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714

https://src.chromium.org/viewvc/chrome?view=rev&revision=154331

Details

Source: MITRE

Published: 2012-09-26

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:22.0.1229.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:22.0.1229.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 22.0.1229.78 (inclusive)

Tenable Plugins

View all (14 total)

ID	Name	Product	Family	Severity
80695	Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)	Nessus	Solaris Local Security Checks	medium
74788	openSUSE Security Update : chromium (openSUSE-SU-2012:1376-1)	Nessus	SuSE Local Security Checks	high
71907	GLSA-201401-07 : libxslt: Denial of Service	Nessus	Gentoo Local Security Checks	medium
68622	Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265)	Nessus	Oracle Linux Local Security Checks	medium
66061	Mandriva Linux Security Advisory : libxslt (MDVSA-2013:047)	Nessus	Mandriva Local Security Checks	medium
62504	Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)	Nessus	Mandriva Local Security Checks	medium
62440	Debian DSA-2555-1 : libxslt - several vulnerabilities	Nessus	Debian Local Security Checks	medium
62435	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1)	Nessus	Ubuntu Local Security Checks	medium
62340	FreeBSD : chromium -- multiple vulnerabilities (5bae2ab4-0820-11e2-be5f-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
800969	Google Chrome < 22.0.1229.79 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
62313	Google Chrome < 22.0.1229.79 Multiple Vulnerabilities	Nessus	Windows	high
6592	Google Chrome < 22.0.1229.79 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
62090	RHEL 5 / 6 : libxslt (RHSA-2012:1265)	Nessus	Red Hat Local Security Checks	medium
62085	CentOS 5 / 6 : libxslt (CESA-2012:1265)	Nessus	CentOS Local Security Checks	medium