CVE-2017-5029

MEDIUM

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

References

http://rhn.redhat.com/errata/RHSA-2017-0499.html

http://www.debian.org/security/2017/dsa-3810

http://www.securityfocus.com/bid/96767

http://www.securitytracker.com/id/1038157

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

https://crbug.com/676623

https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

Details

Source: MITRE

Published: 2017-04-24

Updated: 2018-01-05

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH