Описание
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 57.0.2987.98-0ubuntu1.1348 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [58.0.3029.81-0ubuntu0.14.04.1172]] |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
| trusty | released | 58.0.3029.81-0ubuntu0.14.04.1172 |
| trusty/esm | DNE | trusty was released [58.0.3029.81-0ubuntu0.14.04.1172] |
| upstream | released | 57.0.2987.98 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 57.0.2987.98-0ubuntu0.16.04.1276 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.1.29-2.1 |
| esm-infra-legacy/trusty | released | 1.1.28-2ubuntu0.1 |
| esm-infra/xenial | released | 1.1.28-2.1ubuntu0.1 |
| precise | released | 1.1.26-8ubuntu1.4 |
| precise/esm | not-affected | 1.1.26-8ubuntu1.4 |
| trusty | released | 1.1.28-2ubuntu0.1 |
| trusty/esm | released | 1.1.28-2ubuntu0.1 |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.21.5-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.21.5-0ubuntu0.14.04.1]] |
| esm-infra/xenial | released | 1.21.5-0ubuntu0.16.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | released | 1.21.5-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.21.5-0ubuntu0.14.04.1] |
| upstream | released | 1.21.5 |
| vivid/stable-phone-overlay | ignored | end of life |
| vivid/ubuntu-core | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
The xsltAddTextString function in transform.c in libxslt 1.1.29, as us ...
Nokogiri implementation of libxslt lacks integer overflow checks
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3