← Retour aux CVEs
CVE-2017-5029
HIGH8.8
Description
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie4/24/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0
Produits affectes
apple:macosdebian:debian_linuxgoogle:androidgoogle:chromelinux:linux_kernelmicrosoft:windowsredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstationxmlsoft:libxslt
Faiblesses (CWE)
CWE-787
References
http://rhn.redhat.com/errata/RHSA-2017-0499.html(chrome-cve-admin@google.com)
http://www.debian.org/security/2017/dsa-3810(chrome-cve-admin@google.com)
http://www.securityfocus.com/bid/96767(chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1038157(chrome-cve-admin@google.com)
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html(chrome-cve-admin@google.com)
https://crbug.com/676623(chrome-cve-admin@google.com)
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5(chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2017-0499.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3810(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96767(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038157(af854a3a-2127-422b-91ae-364da2661108)
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html(af854a3a-2127-422b-91ae-364da2661108)
https://crbug.com/676623(af854a3a-2127-422b-91ae-364da2661108)
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.