CVE-2017-5029

CWE-787 — Out-of-bounds Write18 documents9 sources

Severity

8.8HIGH

EPSS

1.2%

top 20.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Debian Linux Redhat Enterprise Linux Desktop +3 more

Timeline

PublishedApr 24

Latest updateJul 31

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶NVDgoogle/chrome57.0.2987.75+1

▶Debianlibxslt< 1.1.29-2.1+3

▶Ubuntulibxslt< 1.1.28-2ubuntu0.1+1

▶NVDxmlsoft/libxslt1.1.29

▶NVDredhat/enterprise_linux_server6.0

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

OSV

Nokogiri implementation of libxslt lacks integer overflow checks↗2018-07-31

▶

GHSA

Nokogiri implementation of libxslt lacks integer overflow checks↗2018-07-31

▶

OSV

libxslt vulnerabilities↗2017-04-28

▶

CVEList

CVE-2017-5029: The xsltAddTextString function in transform↗2017-04-24

▶

OSV

CVE-2017-5029: The xsltAddTextString function in transform↗2017-04-24

▶

📋Vendor Advisories

Ubuntu

Libxslt vulnerabilities↗2017-04-28

▶

Ubuntu

Oxide vulnerabilities↗2017-03-29

▶

Apple

CVE-2017-5029: iCloud for Windows 6.2↗2017-03-28

▶

Apple

CVE-2017-5029: watchOS 3.2↗2017-03-27

▶

Apple

CVE-2017-5029: iOS 10.3↗2017-03-27

▶

💬Community

Bugzilla

CVE-2017-5029 chromium-browser: integer overflow in libxslt↗2017-03-10

▶