CVE-2021-30560

CWE-416Use After Free15 documents8 sources
Severity
8.8HIGH
EPSS
0.1%
top 75.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeSplunk Universal ForwarderXmlsoft Libxslt+1 more
Timeline
PublishedAug 3
Latest updateAug 22

Description

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5google/chromeunspecified91.0.4472.164
NVDgoogle/chrome< 91.0.4472.164
NVDxmlsoft/libxslt< 1.1.35
Debianlibxslt< 1.1.34-4+deb11u1+3
Ubuntulibxslt< 1.1.29-5ubuntu0.3+2

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: crbug.comPatch: crbug.com

🔴Vulnerability Details

8
OSV
libxslt vulnerabilities2022-08-22
OSV
libxslt vulnerabilities2022-08-22
GHSA
Nokogiri has vulnerable dependencies on libxml2 and libxslt2022-05-24
OSV
Nokogiri has vulnerable dependencies on libxml2 and libxslt2022-05-24
OSV
Vulnerable dependencies in Nokogiri2022-02-25

📋Vendor Advisories

6
Ubuntu
Libxslt vulnerabilities2022-08-22
Ubuntu
Libxslt vulnerabilities2022-08-22
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2021-305602022-07-27
Chrome
Stable Channel Update for Desktop: CVE-2021-305592021-07-15
Microsoft
Chromium: CVE-2021-30560 Use after free in Blink XSLT2021-07-13
CVE-2021-30560 (HIGH CVSS 8.8) | Use after free in Blink XSLT in Goo | cvebase.io