CVE-2012-2870

Severity

43%

Complexity

86%

Confidentiality

48%

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 12 years ago

2012-08-31 19:55:00

Last updated 11 years ago

2014-01-28 04:45:00

Affected Software

Apple iPhone OS 1.0.0

1.0.0

Apple iPhone OS 1.0.1

1.0.1

Apple iPhone OS 1.0.2

1.0.2

Apple iPhone OS 1.1.0

1.1.0

Apple iPhone OS 1.1.1

1.1.1

Apple iPhone OS 1.1.2

1.1.2

Apple iPhone OS 1.1.3

1.1.3

Apple iPhone OS 1.1.4

1.1.4

Apple iPhone OS 1.1.5

1.1.5

Apple iPhone OS 2.0

2.0

Apple iPhone OS 2.0.0

2.0.0

Apple iPhone OS 2.0.1

2.0.1

Apple iPhone OS 2.0.2

2.0.2

Apple iPhone OS 2.1

2.1

Apple iPhone OS 2.1.1

2.1.1

Apple iPhone OS 2.2

2.2

Apple iPhone OS 2.2.1

2.2.1

Apple iPhone OS 3.0

3.0

Apple iPhone OS 3.0.1

3.0.1

Apple iPhone OS 3.1

3.1

Apple iPhone OS 3.1.2

3.1.2

Apple iPhone OS 3.1.3

3.1.3

Apple iPhone OS 3.2

3.2

Apple iPhone OS 3.2.1

3.2.1

Apple iPhone OS 3.2.2

3.2.2

Apple iPhone OS 4.0

4.0

Apple iPhone OS 4.0.1

4.0.1

Apple iPhone OS 4.0.2

4.0.2

Apple iPhone OS 4.1

4.1

Apple iPhone OS 4.2.1

4.2.1

Apple iPhone OS 4.2.5

4.2.5

Apple iPhone OS 4.2.8

4.2.8

Apple iPhone OS 4.3.0

4.3.0

Apple iPhone OS 4.3.1

4.3.1

Apple iPhone OS 4.3.2

4.3.2

Apple iPhone OS 4.3.3

4.3.3

Apple iPhone OS 4.3.5

4.3.5

Apple iPhone OS 5.0

5.0

Apple iPhone OS 5.0.1

5.0.1

Apple iPhone OS 5.1

5.1

Apple iPhone OS 5.1.1

5.1.1

Apple iPhone OS 6.0

6.0

Apple iPhone OS 6.0.1

6.0.1

Apple iPhone OS 6.0.2

6.0.2

Apple iPhone OS 6.1

6.1

Apple iPhone OS 6.1.2

6.1.2

Apple iPhone OS 6.1.3

6.1.3

Google Chrome 21.0.1180.0

21.0.1180.0

Google Chrome 21.0.1180.1

21.0.1180.1

Google Chrome 21.0.1180.2

21.0.1180.2

Google Chrome 21.0.1180.31

21.0.1180.31

Google Chrome 21.0.1180.32

21.0.1180.32

Google Chrome 21.0.1180.33

21.0.1180.33

Google Chrome 21.0.1180.34

21.0.1180.34

Google Chrome 21.0.1180.35

21.0.1180.35

Google Chrome 21.0.1180.36

21.0.1180.36

Google Chrome 21.0.1180.37

21.0.1180.37

Google Chrome 21.0.1180.38

21.0.1180.38

Google Chrome 21.0.1180.39

21.0.1180.39

Google Chrome 21.0.1180.41

21.0.1180.41

Google Chrome 21.0.1180.46

21.0.1180.46

Google Chrome 21.0.1180.47

21.0.1180.47

Google Chrome 21.0.1180.48

21.0.1180.48

Google Chrome 21.0.1180.49

21.0.1180.49

Google Chrome 21.0.1180.50

21.0.1180.50

Google Chrome 21.0.1180.51

21.0.1180.51

Google Chrome 21.0.1180.52

21.0.1180.52

Google Chrome 21.0.1180.53

21.0.1180.53

Google Chrome 21.0.1180.54

21.0.1180.54

Google Chrome 21.0.1180.55

21.0.1180.55

Google Chrome 21.0.1180.56

21.0.1180.56

Google Chrome 21.0.1180.57

21.0.1180.57

Google Chrome 21.0.1180.59

21.0.1180.59

Google Chrome 21.0.1180.60

21.0.1180.60

Google Chrome 21.0.1180.61

21.0.1180.61

Google Chrome 21.0.1180.62

21.0.1180.62

Google Chrome 21.0.1180.63

21.0.1180.63

Google Chrome 21.0.1180.64

21.0.1180.64

Google Chrome 21.0.1180.68

21.0.1180.68

Google Chrome 21.0.1180.69

21.0.1180.69

Google Chrome 21.0.1180.70

21.0.1180.70

Google Chrome 21.0.1180.71

21.0.1180.71

Google Chrome 21.0.1180.72

21.0.1180.72

Google Chrome 21.0.1180.73

21.0.1180.73

Google Chrome 21.0.1180.74

21.0.1180.74

Google Chrome 21.0.1180.75

21.0.1180.75

Google Chrome 21.0.1180.76

21.0.1180.76

Google Chrome 21.0.1180.77

21.0.1180.77

Google Chrome 21.0.1180.78

21.0.1180.78

Google Chrome 21.0.1180.79

21.0.1180.79

Google Chrome 21.0.1180.80

21.0.1180.80

Google Chrome 21.0.1180.81

21.0.1180.81

Google Chrome 21.0.1180.82

21.0.1180.82

Google Chrome 21.0.1180.83

21.0.1180.83

Google Chrome 21.0.1180.84

21.0.1180.84

Google Chrome 21.0.1180.85

21.0.1180.85

Google Chrome 21.0.1180.86

21.0.1180.86

Google Chrome 21.0.1180.87

21.0.1180.87

XMLSoft libxslt 1.1.8

1.1.8

XMLSoft libxslt 1.1.9

1.1.9

XMLSoft libxslt 1.1.10

1.1.10

XMLSoft libxslt 1.1.11

1.1.11

XMLSoft libxslt 1.1.12

1.1.12

XMLSoft libxslt 1.1.13

1.1.13

XMLSoft libxslt 1.1.14

1.1.14

XMLSoft libxslt 1.1.15

1.1.15

XMLSoft libxslt 1.1.16

1.1.16

XMLSoft libxslt 1.1.17

1.1.17

XMLSoft libxslt 1.1.18

1.1.18

XMLSoft libxslt 1.1.19

1.1.19

XMLSoft libxslt 1.1.20

1.1.20

XMLSoft libxslt 1.1.21

1.1.21

XMLSoft libxslt 1.1.22

1.1.22

XMLSoft libxslt 1.1.23

1.1.23

XMLSoft libxslt 1.1.24

1.1.24

References

http://code.google.com/p/chromium/issues/detail?id=138672

http://code.google.com/p/chromium/issues/detail?id=140368

http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

Vendor Advisory

APPLE-SA-2013-10-22-8

APPLE-SA-2013-09-18-2

openSUSE-SU-2012:1215

50838

54886

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998

Exploit, Patch

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123

Patch