Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-2870
Last Modified: 27 Jan 2014 11:45:36
Published: 31 Aug 2012 03:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2870

Summary

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

Vulnerable Systems

Operating System

  • Apple iPhone OS 1.0.0

  • Apple iPhone OS 1.0.1

  • Apple iPhone OS 1.0.2

  • Apple iPhone OS 1.1.0

  • Apple iPhone OS 1.1.1

  • Apple iPhone OS 1.1.2

  • Apple iPhone OS 1.1.3

  • Apple iPhone OS 1.1.4

  • Apple iPhone OS 1.1.5

  • Apple iPhone OS 2.0

  • Apple iPhone OS 2.0.0

  • Apple iPhone OS 2.0.1

  • Apple iPhone OS 2.0.2

  • Apple iPhone OS 2.1

  • Apple iPhone OS 2.1.1

  • Apple iPhone OS 2.2

  • Apple iPhone OS 2.2.1

  • Apple iPhone OS 3.0

  • Apple iPhone OS 3.0.1

  • Apple iPhone OS 3.1

  • Apple iPhone OS 3.1.2

  • Apple iPhone OS 3.1.3

  • Apple iPhone OS 3.2

  • Apple iPhone OS 3.2.1

  • Apple iPhone OS 3.2.2

  • Apple iPhone OS 4.0

  • Apple iPhone OS 4.0.1

  • Apple iPhone OS 4.0.2

  • Apple iPhone OS 4.1

  • Apple iPhone OS 4.2.1

  • Apple iPhone OS 4.2.5

  • Apple iPhone OS 4.2.8

  • Apple iPhone OS 4.3.0

  • Apple iPhone OS 4.3.1

  • Apple iPhone OS 4.3.2

  • Apple iPhone OS 4.3.3

  • Apple iPhone OS 4.3.5

  • Apple iPhone OS 5.0

  • Apple iPhone OS 5.0.1

  • Apple iPhone OS 5.1

  • Apple iPhone OS 5.1.1

  • Apple iPhone OS 6.0

  • Apple iPhone OS 6.0.1

  • Apple iPhone OS 6.0.2

  • Apple iPhone OS 6.1

  • Apple iPhone OS 6.1.2

  • Apple iPhone OS 6.1.3

  • Apple iPhone OS 6.1.4

Application

  • Google Chrome 21.0.1180.0

  • Google Chrome 21.0.1180.1

  • Google Chrome 21.0.1180.2

  • Google Chrome 21.0.1180.31

  • Google Chrome 21.0.1180.32

  • Google Chrome 21.0.1180.33

  • Google Chrome 21.0.1180.34

  • Google Chrome 21.0.1180.35

  • Google Chrome 21.0.1180.36

  • Google Chrome 21.0.1180.37

  • Google Chrome 21.0.1180.38

  • Google Chrome 21.0.1180.39

  • Google Chrome 21.0.1180.41

  • Google Chrome 21.0.1180.46

  • Google Chrome 21.0.1180.47

  • Google Chrome 21.0.1180.48

  • Google Chrome 21.0.1180.49

  • Google Chrome 21.0.1180.50

  • Google Chrome 21.0.1180.51

  • Google Chrome 21.0.1180.52

  • Google Chrome 21.0.1180.53

  • Google Chrome 21.0.1180.54

  • Google Chrome 21.0.1180.55

  • Google Chrome 21.0.1180.56

  • Google Chrome 21.0.1180.57

  • Google Chrome 21.0.1180.59

  • Google Chrome 21.0.1180.60

  • Google Chrome 21.0.1180.61

  • Google Chrome 21.0.1180.62

  • Google Chrome 21.0.1180.63

  • Google Chrome 21.0.1180.64

  • Google Chrome 21.0.1180.68

  • Google Chrome 21.0.1180.69

  • Google Chrome 21.0.1180.70

  • Google Chrome 21.0.1180.71

  • Google Chrome 21.0.1180.72

  • Google Chrome 21.0.1180.73

  • Google Chrome 21.0.1180.74

  • Google Chrome 21.0.1180.75

  • Google Chrome 21.0.1180.76

  • Google Chrome 21.0.1180.77

  • Google Chrome 21.0.1180.78

  • Google Chrome 21.0.1180.79

  • Google Chrome 21.0.1180.80

  • Google Chrome 21.0.1180.81

  • Google Chrome 21.0.1180.82

  • Google Chrome 21.0.1180.83

  • Google Chrome 21.0.1180.84

  • Google Chrome 21.0.1180.85

  • Google Chrome 21.0.1180.86

  • Google Chrome 21.0.1180.87

  • Google Chrome 21.0.1180.88

  • Xmlsoft Libxslt 1.1.10

  • Xmlsoft Libxslt 1.1.11

  • Xmlsoft Libxslt 1.1.12

  • Xmlsoft Libxslt 1.1.13

  • Xmlsoft Libxslt 1.1.14

  • Xmlsoft Libxslt 1.1.15

  • Xmlsoft Libxslt 1.1.16

  • Xmlsoft Libxslt 1.1.17

  • Xmlsoft Libxslt 1.1.18

  • Xmlsoft Libxslt 1.1.19

  • Xmlsoft Libxslt 1.1.20

  • Xmlsoft Libxslt 1.1.21

  • Xmlsoft Libxslt 1.1.22

  • Xmlsoft Libxslt 1.1.23

  • Xmlsoft Libxslt 1.1.24

  • Xmlsoft Libxslt 1.1.26

  • Xmlsoft Libxslt 1.1.8

  • Xmlsoft Libxslt 1.1.9


References

CONFIRM - https://chromiumcodereview.appspot.com/10830177

CONFIRM - https://chromiumcodereview.appspot.com/10823168

CONFIRM - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log

CONFIRM - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123

CONFIRM - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log

CONFIRM - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998

CONFIRM - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=140368

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=138672

DEBIAN - DSA-2555

SUSE - openSUSE-SU-2012:1215

SECUNIA - 50838

MANDRIVA - MDVSA-2012:164

CONFIRM - http://support.apple.com/kb/HT5934

APPLE - APPLE-SA-2013-09-18-2

SECUNIA - 54886

APPLE - APPLE-SA-2013-10-22-8

CONFIRM - http://support.apple.com/kb/HT6001

Related Patches

SUN125731-09 Solaris 10 SPARC: XML and XSLT libraries patch (Rev 2)

SUN125732-09 Solaris 10 x86: XML and XSLT libraries patch (Rev 2)

Red Hat 2012:1265-02 RHSA Important: libxslt security update for RHEL 5 x86

Apple iTunes 11.1.2 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:00:26