CVE-2012-2825 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation16 documents9 sources

Severity

5.0MEDIUMNVD

NVD4.3

EPSS

1.4%

top 19.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxslt Debian Libxslt Google Chrome +7 more

Timeline

PublishedJun 27

Latest updateMay 17

Description

The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages11 packages

▶NVDgoogle/chrome20.0.1132.42+42

▶debiandebian/libxslt< libxslt 1.1.26-13 (bookworm)+1

▶Debianxmlsoft/libxslt< 1.1.26-13+3

▶NVDxmlsoft/libxslt1.1.24+73

▶vmwarevmware/esxi

🔴Vulnerability Details

GHSA

GHSA-fj65-38p4-j4mp: The XSL implementation in Google Chrome before 20↗2022-05-17

▶

GHSA

GHSA-762m-frp4-phf3: xslt↗2022-05-17

▶

OSV

CVE-2012-2825: The XSL implementation in Google Chrome before 20↗2012-06-27

▶

📋Vendor Advisories

VMware

VMware vSphere security updates for the authentication service and third party libraries↗2013-01-31

▶

Debian

CVE-2013-4520: libxslt - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a de...↗2013

▶

VMware

VMware security updates for vCSA, vCenter Server, and ESXi↗2012-12-20

▶

Ubuntu

libxslt vulnerabilities↗2012-10-04

▶

Red Hat

libxslt: DoS when reading unexpected DTD nodes in XSLT↗2012-06-26

▶

📄Research Papers

arXiv

CyNER: A Python Library for Cybersecurity Named Entity Recognition↗2022-04-08

▶

💬Community

Bugzilla

CVE-2013-4520 libxslt: DoS when reading unexpected DTD nodes in XSLT in versions prior to 1.1.25↗2013-11-06

▶

Bugzilla

CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 libxslt various flaws [fedora-all]↗2012-06-27

▶

Bugzilla

CVE-2012-2825 libxslt: DoS when reading unexpected DTD nodes in XSLT↗2012-06-27

▶