CVE-2017-5029
published 2017-04-24
high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud_for_windows | — | — |
| apple | ios | — | — |
| apple | itunes_12.6_for_windows | — | — |
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| apple | tvos | — | — |
| apple | watchos | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < libxslt 1.1.29-2.1 (bookworm) | libxslt 1.1.29-2.1 (bookworm) |
| google | chrome | <= 57.0.2987.75 | — |
| google | chrome | <= 57.0.2987.100 | — |
| nokogiri | nokogiri | >= 0 < 1.7.2 | 1.7.2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| xmlsoft | libxslt | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.29-2.1 | 1.1.29-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-2.1 | 1.1.29-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-2.1 | 1.1.29-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-2.1 | 1.1.29-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.1 | 1.1.28-2ubuntu0.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.1 | 1.1.28-2.1ubuntu0.1 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 8.8 HIGH
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2017-04-28·CVSS 5.0
CVE-2015-7995 [MEDIUM] Libxslt vulnerabilities
Title: Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possibly execute arbitrary
code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbitrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() f
Ubuntu
Oxide vulnerabilities
vendor_ubuntu·2017-03-29·CVSS 8.8
CVE-2017-5029 [HIGH] Oxide vulnerabilities
Title: Oxide vulnerabilities
Summary: Several security issues were fixed in Oxide.
Multiple vulnerabilities were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, spoof
application UI by causing the security status API or webview URL to
indicate the wrong values, bypass security restrictions, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033,
CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044,
CVE-2017-5045, CVE-2017-5046)
Instructions: In general, a standard system update will make all the necessary changes.
Apple
CVE-2017-5029: iCloud for Windows 6.2
vendor_apple·2017-03-28·CVSS 8.8
CVE-2017-5029 [HIGH] CVE-2017-5029: iCloud for Windows 6.2
Apple Security Update: About the security content of iCloud for Windows 6.2
Product: iCloud for Windows
Version: 6.2
CVE: CVE-2017-5029
Component: APNs Server
Impact: An attacker in a privileged network position can track a user's activity
Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.
Apple
CVE-2017-5029: watchOS 3.2
vendor_apple·2017-03-27·CVSS 7.8
CVE-2017-5029 [HIGH] CVE-2017-5029: watchOS 3.2
Apple Security Update: About the security content of watchOS 3.2
Product: watchOS
Version: 3.2
CVE: CVE-2017-5029
Component: CVE-2017-2441
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2017-5029: iOS 10.3
vendor_apple·2017-03-27·CVSS 7.8
CVE-2017-5029 [HIGH] CVE-2017-5029: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-5029
Component: CVE-2017-2441
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2017-5029: tvOS 10.2
vendor_apple·2017-03-27·CVSS 7.8
CVE-2017-5029 [HIGH] CVE-2017-5029: tvOS 10.2
Apple Security Update: About the security content of tvOS 10.2
Product: tvOS
Version: 10.2
CVE: CVE-2017-5029
Component: CVE-2017-2441
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2017-5029: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
vendor_apple·2017-03-27·CVSS 9.8
CVE-2017-5029 [CRITICAL] CVE-2017-5029: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2017-5029
Component: CVE-2017-2477
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2017-5029: iTunes 12.6 for Windows
vendor_apple·2017-03-21·CVSS 7.5
CVE-2017-5029 [HIGH] CVE-2017-5029: iTunes 12.6 for Windows
Apple Security Update: About the security content of iTunes 12.6 for Windows
Product: iTunes 12.6 for Windows
CVE: CVE-2017-5029
Component: CVE-2016-5300
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Red Hat
chromium-browser: integer overflow in libxslt
vendor_redhat·2017-03-09·CVSS 8.8
CVE-2017-5029 [HIGH] chromium-browser: integer overflow in libxslt
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Debian
CVE-2017-5029: libxslt - The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blin...
vendor_debian·2017·CVSS 8.8
CVE-2017-5029 [HIGH] CVE-2017-5029: libxslt - The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blin...
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 1.1.29-2.1)
bullseye: resolved (fixed in 1.1.29-2.1)
forky: resolved (fixed in 1.1.29-2.1)
sid: resolved (fixed in 1.1.29-2.1)
trixie: resolved (fixed in 1.1.29-2.1)
OSV
Nokogiri implementation of libxslt lacks integer overflow checks
osv·2018-07-31
CVE-2017-5029 [HIGH] Nokogiri implementation of libxslt lacks integer overflow checks
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
GHSA
Nokogiri implementation of libxslt lacks integer overflow checks
ghsa·2018-07-31
CVE-2017-5029 [HIGH] CWE-787 Nokogiri implementation of libxslt lacks integer overflow checks
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
OSV
libxslt vulnerabilities
osv·2017-04-28·CVSS 5.0
CVE-2017-5029 [MEDIUM] libxslt vulnerabilities
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possibly execute arbitrary
code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbitrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker
could use this to craft a malici
OSV
CVE-2017-5029: The xsltAddTextString function in transform
osv·2017-04-24·CVSS 8.8
CVE-2017-5029 [HIGH] CVE-2017-5029: The xsltAddTextString function in transform
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
OSV
oxide-qt vulnerabilities
osv·2017-03-29·CVSS 8.8
CVE-2017-5029 [HIGH] oxide-qt vulnerabilities
Multiple vulnerabilities were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, spoof
application UI by causing the security status API or webview URL to
indicate the wrong values, bypass security restrictions, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033,
CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044,
CVE-2017-5045, CVE-2017-5046)
No detection rules found.
No public exploits indexed.
arXiv
SoK: Sanitizing for Security
arxiv_fulltext·2018-06-12
Dokyung Song,
Julian Lettner,
Prabhu Rajasekaran,
Yeoul Na,
Stijn Volckaert,
Per Larsen,
Michael Franz
University of California, Irvine
{dokyungs,jlettner,rajasekp,yeouln,stijnv,perl,franz}@uci.edu
2018 IEEE. Personal use of this material is
permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for
advertising or promotional purposes, creating new collective works, for resale
or redistribution to servers or lists, or reuse of any copyrighted component
of this work in other works.
## Abstract
The C and C++ programming languages are notoriously insecure yet remain
indispensable. Developers therefore resort to a multi-pronged approach to find
security issues before
Bugzilla
chromium: various flaws [fedora-all]
bugzilla·2017-03-10·CVSS 8.8
[HIGH] chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has b
Bugzilla
CVE-2017-5029 chromium-browser: integer overflow in libxslt
bugzilla·2017-03-10·CVSS 8.8
CVE-2017-5029 [HIGH] CVE-2017-5029 chromium-browser: integer overflow in libxslt
An integer overflow flaw was found in the libxslt component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=676623
External References:
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1431051]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2017:0499 https://rhn.redhat.com/errata/RHSA-2017-0499.html
http://rhn.redhat.com/errata/RHSA-2017-0499.html
http://www.debian.org/security/2017/dsa-3810
http://www.securityfocus.com/bid/96767
http://www.securitytracker.com/id/1038157
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://crbug.com/676623
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5