CVE-2012-2870
Published 2012-08-31
Priority: P4 · 15 · medium · CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS: 2.38% (81.8th percentile)
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
Affected
130 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | <= 6.1.4 | — |
CVSS provenance
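| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |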
GHSA
GHSA-3g6j-g63v-rg6h: libxslt 1
ghsa_unreviewed·2022-05-17
CVE-2012-2870 [MEDIUM] GHSA-3g6j-g63v-rg6h: libxslt 1
OSV
CVE-2012-2870: libxslt 1
osv·2012-08-31·CVSS 4.3
CVE-2012-2870 [MEDIUM] CVE-2012-2870: libxslt 1
VMware
VMware vSphere security updates for the authentication service and third party libraries
vendor_vmware·2013-01-31·CVSS 10.0
CVE-2011-1202 [CRITICAL] VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001: VMware vSphere security updates for the authentication service and third party libraries
a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. Column 4 of the following tabl
VMware
VMware security updates for vCSA, vCenter Server, and ESXi
vendor_vmware·2012-12-20·CVSS 4.0
CVE-2009-5029 [MEDIUM] VMware security updates for vCSA, vCenter Server, and ESXi
VMSA-2012-0018: VMware security updates for vCSA, vCenter Server, and ESXi
a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on Replace with/ Apply Patch VMware Product vCSA Product Vers
Ubuntu
libxslt vulnerabilities
vendor_ubuntu·2012-10-04·CVSS 4.3
CVE-2011-1202 [MEDIUM] libxslt vulnerabilities
Title: libxslt vulnerabilities
Summary: Applications using libxslt could be made to crash or run programs as your
login if they processed a specially crafted file.
Chris Evans discovered that libxslt incorrectly handled generate-id XPath
functions. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could obtain potentially
sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. If a
user or automated system were tricked into processing a specially crafted
XSLT document, a remote attacker could cause libxslt to crash, causing a
denial of service. (CVE-2011-3970)
Nicholas Gregoire discovered that libxs
Red Hat
libxslt: Use-after-free when processing an invalid XPath expression
vendor_redhat·2012-08-31·CVSS 4.3
CVE-2012-2870 [MEDIUM] CWE-416 libxslt: Use-after-free when processing an invalid XPath expression
Debian
CVE-2012-2870: libxslt - libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does n...
vendor_debian·2012·CVSS 4.3
CVE-2012-2870 [MEDIUM] CVE-2012-2870: libxslt - libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does n...
Scope: local
bookworm: resolved (fixed in 1.1.26-14)
bullseye: resolved (fixed in 1.1.26-14)
forky: resolved (fixed in 1.1.26-14)
sid: resolved (fixed in 1.1.26-14)
trixie: resolved (fixed in 1.1.26-14)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression
bugzilla·2012-08-30·CVSS 4.3
CVE-2012-2870 [MEDIUM] CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression
Two Use-after-frees were found in libxslt, a C library which allows to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. One of them is caused due to an invalid XPath reference and the other is due to improper application of generate-id().
Reference:
https://code.google.com/p/chromium/issues/detail?id=138672
https://code.google.com/p/chromium/issues/detail?id=140368
Discussion:
Public via:
http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2
Bugzilla
CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 libxslt various flaws [fedora-all]
bugzilla·2012-06-27·CVSS 5.0
CVE-2012-2825 [MEDIUM] CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 libxslt various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=securit
References
http://code.google.com/p/chromium/issues/detail?id=138672
http://code.google.com/p/chromium/issues/detail?id=140368
http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
http://secunia.com/advisories/50838
http://secunia.com/advisories/54886
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
https://chromiumcodereview.appspot.com/10823168
https://chromiumcodereview.appspot.com/10830177