CVE-2017-5029

MEDIUM

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

References

http://rhn.redhat.com/errata/RHSA-2017-0499.html

http://www.debian.org/security/2017/dsa-3810

http://www.securityfocus.com/bid/96767

http://www.securitytracker.com/id/1038157

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

https://crbug.com/676623

https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

Details

Source: MITRE

Published: 2017-04-24

Updated: 2018-01-05

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
111867	Photon OS 1.0: Linux PHSA-2017-0018 (deprecated)	Nessus	PhotonOS Local Security Checks	high
108821	GLSA-201804-01 : libxslt: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
103237	FreeBSD : GitLab -- multiple vulnerabilities (6a177c87-9933-11e7-93f7-d43d7e971a1b)	Nessus	FreeBSD Local Security Checks	high
101920	Fedora 24 : qt5-qtwebengine (2017-98bed96d12)	Nessus	Fedora Local Security Checks	medium
101740	Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9)	Nessus	Fedora Local Security Checks	high
101504	Fedora 25 : qt5-qtwebengine (2017-58cde32413)	Nessus	Fedora Local Security Checks	high
100367	openSUSE Security Update : libxslt (openSUSE-2017-609)	Nessus	SuSE Local Security Checks	high
100243	SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2017:1313-1)	Nessus	SuSE Local Security Checks	high
100208	SUSE SLES11 Security Update : libxslt (SUSE-SU-2017:1282-1)	Nessus	SuSE Local Security Checks	high
100026	Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
100025	Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
99725	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libxslt vulnerabilities (USN-3271-1)	Nessus	Ubuntu Local Security Checks	high
99135	Mac OS X Multiple Vulnerabilities (Security Update 2017-001	Nessus	MacOS X Local Security Checks	high
99093	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : oxide-qt vulnerabilities (USN-3236-1)	Nessus	Ubuntu Local Security Checks	medium
97920	Debian DLA-866-1 : libxslt security update	Nessus	Debian Local Security Checks	medium
97817	openSUSE Security Update : Chromium (openSUSE-2017-353)	Nessus	SuSE Local Security Checks	medium
97783	Debian DSA-3810-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	medium
97725	Google Chrome < 57.0.2987.98 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
97724	Google Chrome < 57.0.2987.98 Multiple Vulnerabilities	Nessus	Windows	high
97718	RHEL 6 : chromium-browser (RHSA-2017:0499)	Nessus	Red Hat Local Security Checks	medium
97689	FreeBSD : chromium -- multiple vulnerabilities (a505d397-0758-11e7-8d8b-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	medium

CVE-2017-5029

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins