Lucene search

Veracode Vulnerability DatabaseVERACODE:7080

HistoryJul 17, 2018 - 10:26 a.m.

Denial Of Service (DoS)

2018-07-1710:26:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

libxslt.so is vulnerable to denial of service (DoS) attacks. The library does not properly handle namespace nodes, allowing a malicious user to pass a file to the application to cause an out-of-bounds memory heap-access that can crash the application or execute arbitrary code.

CPENameOperatorVersion
libxslt.sole1.1.28
libxslteq1.1.28
libxslt.sole1.1.28
libxslteq1.1.28

Name	Operator	Version
libxslt.so	le	1.1.28
libxslt	eq	1.1.28
libxslt.so	le	1.1.28
libxslt	eq	1.1.28

References

googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

www.debian.org/security/2016/dsa-3590

www.debian.org/security/2016/dsa-3605

www.securityfocus.com/bid/90876

www.securityfocus.com/bid/91826

www.securitytracker.com/id/1035981

www.ubuntu.com/usn/USN-2992-1

access.redhat.com/errata/RHSA-2016:1190

bugzilla.redhat.com/show_bug.cgi?id=1340016

crbug.com/583156

git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242

gitlab.gnome.org/GNOME/libxslt/commit/d182d8f6ba3071503d96ce17395c9d55871f0242

security.gentoo.org/glsa/201607-07

support.apple.com/HT206899

support.apple.com/HT206901

support.apple.com/HT206902

support.apple.com/HT206903

support.apple.com/HT206904

support.apple.com/HT206905

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:7080