CVE-2011-1202
Description
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.644
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Updates for Google Chrome (66.0.3359.170) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.170) | Windows |
| Updates for Google Chrome (66.0.3359.181) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.181) | Windows |
| Updates for Google Chrome (67.0.3396.62) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.62) | Windows |
| Updates for Google Chrome (67.0.3396.79) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.79) | Windows |
| Updates for Google Chrome (67.0.3396.87) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.87) | Windows |
| Google Chrome (67.0.3396.99) | Windows |
| Google Chrome (x64) (67.0.3396.99) | Windows |
| Multiple vulnerabilities affected in Chrome (x64) 10.0.6910.0(x64) | Windows |
| Multiple vulnerabilities affected in Chrome 10.0.6910.0 | Windows |
| XSLT processing library (USN-1595-1) libxslt1.1_1.1.26-8ubuntu1.3_i386.deb | Linux |
| XSLT processing library (USN-1595-1) libxslt1.1_1.1.26-8ubuntu1.3_amd64.deb | Linux |
| Libxslt update (CESA-2012:1265) libxslt-1.1.26-2.el6_3.1.i686.rpm | Linux |
| Libxslt update (CESA-2012:1265) libxslt-1.1.26-2.el6_3.1.x86_64.rpm | Linux |
| Libxslt update (CESA-2012:1265) libxslt-devel-1.1.26-2.el6_3.1.i686.rpm | Linux |
| Libxslt update (CESA-2012:1265) libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm | Linux |
| Libxslt update (CESA-2012:1265) libxslt-python-1.1.26-2.el6_3.1.i686.rpm | Linux |
| Libxslt update (CESA-2012:1265) libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-1.1.17-4.el5_8.3.i386.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-1.1.17-4.el5_8.3.x86_64.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-1.1.26-2.el6_3.1.i686.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-1.1.26-2.el6_3.1.x86_64.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-devel-1.1.17-4.el5_8.3.i386.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-devel-1.1.26-2.el6_3.1.i686.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-python-1.1.17-4.el5_8.3.i386.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-python-1.1.26-2.el6_3.1.i686.rpm | Linux |
| (RHSA-2012:1265) Important: libxslt security update libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm | Linux |
| Libxslt update (ELSA-2012-1265) libxslt-1.1.26-2.0.2.el6_3.1.x86_64.rpm | Linux |
| Libxslt-devel update (ELSA-2012-1265) libxslt-devel-1.1.26-2.0.2.el6_3.1.x86_64.rpm | Linux |
| Libxslt-python update (ELSA-2012-1265) libxslt-python-1.1.26-2.0.2.el6_3.1.x86_64.rpm | Linux |
| Libxslt update (ELSA-2012-1265) libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm | Linux |
| Libxslt-devel update (ELSA-2012-1265) libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm | Linux |
| Libxslt-python update (ELSA-2012-1265) libxslt-python-1.1.26-2.0.2.el6_3.1.i686.rpm | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Ubuntu) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Debian) | Linux |
| Google Chrome (67.0.3396.99) (For Debian) | Linux |
| Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Centos) | Linux |
| Google Chrome (67.0.3396.99) (For Centos) | Linux |
| Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For RedHat) | Linux |
| Google Chrome (67.0.3396.99) (For RedHat) | Linux |
| Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Suse) | Linux |
| Google Chrome (67.0.3396.99) (For Suse) | Linux |
| Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Ubuntu) | Linux |
| Google Chrome (67.0.3396.99) (For Ubuntu) | Linux |
| Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Ubuntu) | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-307513 | Updates for Google Chrome (66.0.3359.170) |
| PATCH-307515 | Updates for Google Chrome (x64) (66.0.3359.170) |
| PATCH-307534 | Updates for Google Chrome (66.0.3359.181) |
| PATCH-307535 | Updates for Google Chrome (x64) (66.0.3359.181) |
| PATCH-307607 | Updates for Google Chrome (67.0.3396.62) |
| PATCH-307608 | Updates for Google Chrome (x64) (67.0.3396.62) |
| PATCH-307641 | Updates for Google Chrome (67.0.3396.79) |
| PATCH-307644 | Updates for Google Chrome (x64) (67.0.3396.79) |
| PATCH-307660 | Updates for Google Chrome (67.0.3396.87) |
| PATCH-307662 | Updates for Google Chrome (x64) (67.0.3396.87) |
| PATCH-307715 | Google Chrome (67.0.3396.99) |
| PATCH-307716 | Google Chrome (x64) (67.0.3396.99) |
| PATCH-313162 | Google Chrome (x64) (80.0.3987.132) |
| PATCH-313161 | Google Chrome (80.0.3987.132) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234