CVE-2017-5029

high

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

References

https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

https://crbug.com/676623

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

http://www.securityfocus.com/bid/96767

http://www.securitytracker.com/id/1038157

http://www.debian.org/security/2017/dsa-3810

http://rhn.redhat.com/errata/RHSA-2017-0499.html

Details

Source: MITRE

Published: 2017-04-24

Updated: 2022-04-22

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH