CVE-2012-2871
published 2012-08-31
CVE-2012-2871: libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL…
Priority: P427 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.38% (81.8th percentile)
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Affected
113 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | <= 6.1.4 | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_debian · 6.8 · MEDIUM
vendor_redhat · 6.8 · MEDIUM
vendor_ubuntu · 4.3 · MEDIUM
GHSA
GHSA-259f-5jp2-pgmr: libxml2 2
ghsa_unreviewed·2022-05-17
CVE-2012-2871 [MEDIUM] GHSA-259f-5jp2-pgmr: libxml2 2
OSV
CVE-2012-2871: libxml2 2
osv·2012-08-31·CVSS 6.8
CVE-2012-2871 [MEDIUM] CVE-2012-2871: libxml2 2
VMware
VMware vSphere security updates for the authentication service and third party libraries
vendor_vmware·2013-01-31·CVSS 10.0
CVE-2011-1202 [CRITICAL] VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001: VMware vSphere security updates for the authentication service and third party libraries
a. VMware vSphere client-side authentication memory corruption vulnerability
VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. Column 4 of the following tabl
VMware
VMware security updates for vCSA, vCenter Server, and ESXi
vendor_vmware·2012-12-20·CVSS 4.0
CVE-2009-5029 [MEDIUM] VMware security updates for vCSA, vCenter Server, and ESXi
VMSA-2012-0018: VMware security updates for vCSA, vCenter Server, and ESXi
a. vCenter Server Appliance directory traversal
The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on Replace with/ Apply Patch VMware Product vCSA Product Vers
Ubuntu
libxslt vulnerabilities
vendor_ubuntu·2012-10-04·CVSS 4.3
CVE-2011-1202 [MEDIUM] libxslt vulnerabilities
Title: libxslt vulnerabilities
Summary: Applications using libxslt could be made to crash or run programs as your
login if they processed a specially crafted file.
Chris Evans discovered that libxslt incorrectly handled generate-id XPath
functions. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could obtain potentially
sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. If a
user or automated system were tricked into processing a specially crafted
XSLT document, a remote attacker could cause libxslt to crash, causing a
denial of service. (CVE-2011-3970)
Nicholas Gregoire discovered that libxs
Red Hat
libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
vendor_redhat·2012-08-31·CVSS 6.8
CVE-2012-2871 [MEDIUM] CWE-122 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
Debian
CVE-2012-2871: libxslt - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, doe...
vendor_debian·2012·CVSS 6.8
CVE-2012-2871 [MEDIUM] CVE-2012-2871: libxslt - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, doe...
Scope: local
bookworm: resolved (fixed in 1.1.26-14)
bullseye: resolved (fixed in 1.1.26-14)
forky: resolved (fixed in 1.1.26-14)
sid: resolved (fixed in 1.1.26-14)
trixie: resolved (fixed in 1.1.26-14)
No detection rules found.
Bugzilla
CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
bugzilla·2012-08-30·CVSS 6.8
CVE-2012-2871 [MEDIUM] CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
A heap-buffer overflow flaw was found in libxslt, a C library which allows transforming XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. It was found that when applying templates to nodes selected by "namespace::*", an out-of-bounds read is performed. Later, this value is used during unlinking of nodes, leading to a WRITE error in xmlUnlinkNode().
Reference:
https://code.google.com/p/chromium/issues/detail?id=138673
Upstream patch:
http://git.gnome.org/browse/libxslt/commit/?id=937ba2a3eb42d288f53c8adc211bd1122869f0bf
Discussion:
Public via:
http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html
---
This issue has been
Bugzilla
CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 libxslt various flaws [fedora-all]
bugzilla·2012-06-27·CVSS 5.0
CVE-2012-2825 [MEDIUM] CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 libxslt various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=securit
http://code.google.com/p/chromium/issues/detail?id=138673
http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
http://secunia.com/advisories/50838
http://secunia.com/advisories/54886
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276&r2=149930
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
https://chromiumcodereview.appspot.com/10824157
https://exchange.xforce.ibmcloud.com/vulnerabilities/78179
Published: 2012-08-31