CVE-2011-1202

Severity
4.3 MEDIUM
EPSS
0.6%
top 29.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 11
Latest update May 13

Description

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

NVD google/chrome < 10.0.648.127
Debian libxslt < 1.1.26-7+3
NVD xmlsoft/libxslt 1.1.26

Patches

🔴Vulnerability Details

3
GHSA
GHSA-vrgp-pjr9-mp64: The xsltGenerateIdFunction function in functions (2022-05-13)
CVEList
CVE-2011-1202: The xsltGenerateIdFunction function in functions (2011-03-11)
OSV
CVE-2011-1202: The xsltGenerateIdFunction function in functions (2011-03-11)

📋Vendor Advisories

8
Ubuntu
libxslt vulnerabilities (2012-10-04)
Ubuntu
Thunderbird vulnerabilities (2011-05-05)
Ubuntu
Thunderbird vulnerabilities (2011-05-05)
Ubuntu
Xulrunner vulnerabilities (2011-04-30)
Ubuntu
Firefox vulnerabilities (2011-04-30)

💬Community

3
Bugzilla
CVE-2011-1712 firefox: information leak due to XSLT (2011-04-19)
Bugzilla
CVE-2011-1202 libxslt: Heap address leak in XLST (2011-03-12)
Bugzilla
CVE-2011-1202 libxslt: Heap address leak in XLST [fedora-all] (2011-03-12)