Vulnerabilities > CVE-2011-3970 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Google
2013
Application
Xmlsoft
77
OS
Suse
9

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBXSLT-120214.NASL
    descriptionlibxslt was prone to an out-of-bounds read flaw when parsing certain patterns (CVE-2011-3970). This could have lead to a Denial of Service.
    last seen2020-06-05
    modified2012-04-04
    plugin id58588
    published2012-04-04
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58588
    titleSuSE 11.1 Security Update : libxslt (SAT Patch Number 5810)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop immediately on engines whose NASL_LEVEL is below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata (IDs, text, CVSS vector, CPEs, dependencies, required KB
    # keys) and exits before any host check runs.
    if (description)
    {
      script_id(58588);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # This plugin tracks a single CVE.
      script_cve_id("CVE-2011-3970");
    
      script_name(english:"SuSE 11.1 Security Update : libxslt (SAT Patch Number 5810)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libxslt was prone to an out-of-bounds read flaw when parsing certain
    patterns (CVE-2011-3970). This could have lead to a Denial of Service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=746039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3970.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5810.");
      # CVSS v2 vector: network-reachable, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      # That matches the denial-of-service wording of the description above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Declared as a local check: the summary and the required KB keys below
      # show the result comes from the host's own RPM list, not from probing a
      # network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl presumably populates the Host/* keys
      # required on the next line - confirm against that plugin. Without those
      # keys this check produces no finding, which is not the same as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      # End of registration; the check code after this block is not reached in
      # description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions. Each failed test hands a reason code to audit() (from
    # audit.inc, expected to end the script), so the package comparison further
    # down is only reached on a SLED/SLES 11 host with local checks enabled and
    # an RPM list present in the knowledge base.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: only i386-i686, x86_64 and s390x are handled; any other
    # value is audited out as "local checks not implemented" rather than being
    # reported as unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Service-pack gate: the patch level must be present and equal to 1 (11.1).
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    # Package comparison. Every call names the fixed build 1.1.24-19.17.1 of
    # libxslt or libxslt-32bit for one release/architecture pair, and each true
    # result increments `flag`.
    # NOTE(review): rpm_check() lives in rpm.inc; presumably it returns true
    # when the installed package is older than `reference` - confirm there.
    # This is a package-version check only: nothing here inspects running
    # processes, so it cannot tell whether long-running programs linked against
    # libxslt were restarted after the update.
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libxslt-1.1.24-19.17.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libxslt-1.1.24-19.17.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.17.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"libxslt-1.1.24-19.17.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libxslt-32bit-1.1.24-19.17.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.17.1")) flag++;
    
    
    # Reporting: any hit raises a warning on port 0; the per-package detail from
    # rpm_report_get() is attached only when report_verbosity is above 0.
    # With no hit the host is audited as not affected.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0001_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Authentication Service - bind - libxml2 - libxslt
    last seen2020-06-01
    modified2020-06-02
    plugin id89661
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89661
    titleVMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and exits before the version/build comparison runs.
    if (description)
    {
      script_id(89661);
      script_version("1.7");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      # One plugin covers nine CVEs from the VMSA-2013-0001 bundle, so a single
      # finding does not say which of the listed issues apply to a given host.
      script_cve_id(
        "CVE-2011-1202",
        "CVE-2011-3102",
        "CVE-2011-3970",
        "CVE-2012-2807",
        "CVE-2012-2825",
        "CVE-2012-2870",
        "CVE-2012-2871",
        "CVE-2012-4244",
        "CVE-2013-1405"
      );
      script_bugtraq_id(
        47668, 
        51911, 
        53540, 
        54203, 
        54718, 
        55331, 
        55522, 
        57666
      );
      script_xref(name:"VMSA", value:"2013-0001");
    
      script_name(english:"VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several components and
    third-party libraries :
    
      - Authentication Service
      - bind
      - libxml2
      - libxslt");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0001.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /
    4.1.");
      # CVSS v2 base vector with complete C/I/A impact, set once for the whole
      # plugin. NOTE(review): presumably this reflects the most severe issue in
      # the bundle; it should not be read as the score of each listed CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability unproven, official fix available,
      # report confidence confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
    
      # Declared as a remote check; per the summary above it compares version
      # and build numbers rather than exercising any of the listed flaws.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
    
      # NOTE(review): vmware_vsphere_detect.nbin presumably populates the
      # Host/VMware/* keys required below - confirm against that plugin.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      # End of registration; the check code after this block is not reached in
      # description mode.
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
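    # Version/build comparison for VMSA-2013-0001.
    #
    # Reads the version string, release string and vSphere port from the
    # knowledge base, extracts the product (ESX or ESXi), the major.minor
    # version and the build number, and reports the host when its build is
    # lower than the fixed build listed for that version.
    #
    # Scope caveats for whoever reads the results:
    #   - The verdict rests entirely on the version and build strings stored in
    #     the KB; none of the bundled flaws is exercised.
    #   - Only versions 3.5, 4.0 and 4.1 have a fixed build listed. Any other
    #     version is audited as "not vulnerable", which here means "not covered
    #     by this plugin", not "verified safe".
    ver   = get_kb_item_or_exit("Host/VMware/version");
    rel   = get_kb_item_or_exit("Host/VMware/release");
    port  = get_kb_item_or_exit("Host/VMware/vsphere");
    esx   = '';
    build = 0;
    fix   = FALSE;
    
    # The release string must mention ESX at all before anything is parsed.
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    # Capture group 1 is the product name, group 2 the major.minor version.
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (empty_or_null(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    
    esx = extract[1];
    ver = extract[2];
    
    # The build number is the run of digits after "build-" at the end of the
    # release string; without it no comparison is possible.
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    # First fixed build per affected version.
    fixes = make_array(
        "4.0", 989856,
        "4.1", 988178,
        "3.5", 988599
    );
    
    fix = fixes[ver];
    
    # No entry for this version: outside the plugin's coverage. The product
    # name carries the "VMware " prefix here as in every other audit() call in
    # this script, so audit-trail entries for the same host read consistently.
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    if (build < fix)
    {
      # The report gives both builds so the gap to the fixed level is visible.
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);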
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-14083.NASL
    descriptionLot of security fixes and a few other bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-09-27
    plugin id62328
    published2012-09-27
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62328
    titleFedora 17 : libxslt-1.1.26-10.fc17 (2012-14083)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_FE1976C2531711E19E9900262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community. [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley. [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG. [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz. [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG. [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG. [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen. [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG. [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG. [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com. [109664] Low CVE-2011-3965: Crash in signature check. Credit to Slawomir Blazek. [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG. [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo. [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis. [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis. [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis. 
[110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).
    last seen2020-06-01
    modified2020-06-02
    plugin id57883
    published2012-02-10
    reporterThis script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57883
    titleFreeBSD : chromium -- multiple vulnerabilities (fe1976c2-5317-11e1-9e99-00262d5ed8ee)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1325.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id78935
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78935
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2012:1325)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and
    last seen2020-06-01
    modified2020-06-02
    plugin id70886
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70886
    titleESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1265.NASL
    descriptionFrom Red Hat Security Advisory 2012:1265 : Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68622
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68622
    titleOracle Linux 5 / 6 : libxslt (ELSA-2012-1265)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1595-1.NASL
    descriptionChris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970) Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825) Nicholas Gregoire discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870) Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871) Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2893). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62435
    published2012-10-05
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62435
    titleUbuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120913_LIBXSLT_ON_SL5_X.NASL
    descriptionA heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All running applications linked against libxslt must be restarted for this update to take effect.
    last seen2020-03-18
    modified2012-09-15
    plugin id62107
    published2012-09-15
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62107
    titleScientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64 (20120913)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_17_0_963_46.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 17.0.963.46 and is, therefore, affected by the following vulnerabilities: - Clipboard monitoring after a paste action is possible. (CVE-2011-3953) - Application crashes are possible with excessive database usage, killing an
    last seen2020-06-01
    modified2020-06-02
    plugin id57876
    published2012-02-09
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57876
    titleGoogle Chrome < 17.0.963.46 Multiple Vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-123.NASL
    descriptionA heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825 , CVE-2012-2870 , CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)
    last seen2020-06-01
    modified2020-06-02
    plugin id69613
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69613
    titleAmazon Linux AMI : libxslt (ALAS-2012-123)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1265.NASL
    descriptionUpdated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62090
    published2012-09-14
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62090
    titleRHEL 5 / 6 : libxslt (RHSA-2012:1265)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201202-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201202-01 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient
    last seen2020-06-01
    modified2020-06-02
    plugin id58025
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58025
    titleGLSA-201202-01 : Chromium: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-108.NASL
    descriptionFix crash due to out of bounds read in libxslt
    last seen2020-06-05
    modified2014-06-13
    plugin id74544
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74544
    titleopenSUSE Security Update : libxslt (openSUSE-2012-108)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBXSLT-131106.NASL
    descriptionlibxslt received a security update to fix a security issue : - The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825). (CVE-2013-4520)
    last seen2020-06-05
    modified2013-11-12
    plugin id70843
    published2013-11-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70843
    titleSuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2013-0001.NASL
    descriptiona. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. b. Update to ESX/ESXi libxml2 userworld and service console The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Also, the ESX service console libxml2 packages are updated to the following versions : libxml2-2.6.26-2.1.15.el5_8.5 libxml2-python-2.6.26-2.1.15.el5_8.5 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3102 and CVE-2012-2807 to these issues. c. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4244 to this issue. d. Update to ESX service console libxslt package The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64642
    published2013-02-16
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64642
    titleVMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-028.NASL
    descriptionA vulnerability has been found and corrected in libxslt : libxslt allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3970). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id58178
    published2012-03-01
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58178
    titleMandriva Linux Security Advisory : libxslt (MDVSA-2012:028)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-14048.NASL
    descriptionA lot of security fixes and a few other bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-09-27
    plugin id62326
    published2012-09-27
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62326
    titleFedora 16 : libxslt-1.1.26-9.fc16 (2012-14048)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBXSLT-120214.NASL
    descriptionlibxslt was prone to an out-of-bounds read flaw when parsing certain patterns (CVE-2011-3970). This could lead to a Denial of Service.
    last seen2020-06-05
    modified2014-06-13
    plugin id75939
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75939
    titleopenSUSE Security Update : libxslt (openSUSE-SU-2012:0343-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-142.NASL
    descriptionChromium version 19.0.1046 and v8 version 3.9.7.0 fix several security issues.
    last seen2020-06-05
    modified2014-06-13
    plugin id74563
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74563
    titleopenSUSE Security Update : chromium / v8 (openSUSE-2012-142)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-15716.NASL
    descriptionFix a default namespace regression in 1.1.27. New upstream release, also including a number of security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-10
    plugin id63195
    published2012-12-10
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63195
    titleFedora 18 : libxslt-1.1.27-2.fc18 (2012-15716)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201203-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201203-08 (libxslt: Denial of Service). An out-of-bounds read error has been found in libxslt/pattern.c in libxslt. Impact: A remote attacker could entice a user to process an XML file using a specially crafted XSLT stylesheet in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen2020-04-18
    modified2012-03-06
    plugin id58218
    published2012-03-06
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58218
    titleGLSA-201203-08 : libxslt: Denial of Service
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1265.NASL
    descriptionUpdated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62085
    published2012-09-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62085
    titleCentOS 5 / 6 : libxslt (CESA-2012:1265)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXSLT-8019.NASL
    descriptionlibxslt was prone to an out-of-bounds read flaw when parsing certain patterns (CVE-2011-3970). This could have led to a denial of service and is fixed with this update.
    last seen2020-06-05
    modified2012-04-06
    plugin id58616
    published2012-04-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58616
    titleSuSE 10 Security Update : libxslt (ZYPP Patch Number 8019)

Oval

accepted2013-08-12T04:06:45.881-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionlibxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:14818
statusaccepted
submitted2012-02-10T15:34:33.178-04:00
titlelibxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
version46

Redhat

rpms
  • libxslt-0:1.1.17-4.el5_8.3
  • libxslt-0:1.1.26-2.el6_3.1
  • libxslt-debuginfo-0:1.1.17-4.el5_8.3
  • libxslt-debuginfo-0:1.1.26-2.el6_3.1
  • libxslt-devel-0:1.1.17-4.el5_8.3
  • libxslt-devel-0:1.1.26-2.el6_3.1
  • libxslt-python-0:1.1.17-4.el5_8.3
  • libxslt-python-0:1.1.26-2.el6_3.1