Home

CVE-2017-5029

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.374

Associated Vulnerability

VulnerabilityOS Platform
Update for iCloud (6.2.1.67)Windows
Update for iCloud (6.2.2.39)Windows
iCloud 6.2.2.39Windows
Update for iCloud (6.2.3.17)Windows
Updates for Google Chrome (66.0.3359.170)Windows
Updates for Google Chrome (x64) (66.0.3359.170)Windows
Updates for Google Chrome (66.0.3359.181)Windows
Updates for Google Chrome (x64) (66.0.3359.181)Windows
Updates for Google Chrome (67.0.3396.62)Windows
Updates for Google Chrome (x64) (67.0.3396.62)Windows
Updates for Google Chrome (67.0.3396.79)Windows
Updates for Google Chrome (x64) (67.0.3396.79)Windows
Updates for Google Chrome (67.0.3396.87)Windows
Updates for Google Chrome (x64) (67.0.3396.87)Windows
Google Chrome (67.0.3396.99)Windows
Google Chrome (x64) (67.0.3396.99)Windows
Vulnerabilities CVE-2017-5029 are fixed in Ruby-nokogiri 1.7.2Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1Windows
Web browser engine library for Qt (USN-2298-1) oxideqt-codecs_1.21.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine library for Qt (USN-2298-1) oxideqt-codecs_1.21.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine library for Qt (USN-2298-1) oxideqt-codecs-extra_1.21.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine library for Qt (USN-2298-1) oxideqt-codecs-extra_1.21.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine library for Qt (QML plugin) (USN-2521-1) oxideqt-chromedriver_1.21.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine library for Qt (QML plugin) (USN-2521-1) oxideqt-chromedriver_1.21.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3113-1) liboxideqtcore0_1.21.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3113-1) liboxideqtcore0_1.21.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3113-1) liboxideqtcore0_1.21.5-0ubuntu0.16.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3113-1) liboxideqtcore0_1.21.5-0ubuntu0.16.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3153-1) liboxideqtcore0_1.21.5-0ubuntu0.16.10.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3153-1) liboxideqtcore0_1.21.5-0ubuntu0.16.10.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3180-1) liboxideqtcore0_1.21.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3180-1) liboxideqtcore0_1.21.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3180-1) liboxideqtcore0_1.21.5-0ubuntu0.16.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3180-1) liboxideqtcore0_1.21.5-0ubuntu0.16.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3180-1) liboxideqtcore0_1.21.5-0ubuntu0.16.10.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3180-1) liboxideqtcore0_1.21.5-0ubuntu0.16.10.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3236-1) liboxideqtcore0_1.21.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3236-1) liboxideqtcore0_1.21.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3236-1) liboxideqtcore0_1.21.5-0ubuntu0.16.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3236-1) liboxideqtcore0_1.21.5-0ubuntu0.16.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3236-1) liboxideqtcore0_1.21.5-0ubuntu0.16.10.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3236-1) liboxideqtcore0_1.21.5-0ubuntu0.16.10.1_amd64.debLinux
chromium-browser security update(DSA-3810-1) chromium_57.0.2987.98-1~deb8u1_i386.debLinux
chromium-browser security update(DSA-3810-1) chromium_57.0.2987.98-1~deb8u1_amd64.debLinux
Chromium 57.0.2987.98-1 deb8u1 for Debian GNU/Linux 8 (jessie) (x64) chromium_57.0.2987.98-1~deb8u1_amd64.debLinux
Chromium 57.0.2987.98-1 deb8u1 for Debian GNU/Linux 8 (jessie) chromium_57.0.2987.98-1~deb8u1_i386.debLinux
SUSE-SU-2017:1282-1(SUSE Linux Enterprise Server 11-SP4 ) libxslt-1.1.24-19.33.1.x86_64.rpmLinux
SUSE-SU-2017:1282-1(SUSE Linux Enterprise Server 11-SP4 ) libxslt-32bit-1.1.24-19.33.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt-debugsource-1.1.28-16.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt-tools-1.1.28-16.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt-tools-debuginfo-1.1.28-16.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt1-1.1.28-16.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt1-32bit-1.1.28-16.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt1-debuginfo-1.1.28-16.1.x86_64.rpmLinux
SUSE-SU-2017:1313-1(SUSE Linux Enterprise Desktop 12-SP1 ) libxslt1-debuginfo-32bit-1.1.28-16.1.x86_64.rpmLinux
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)Linux
Google Chrome (67.0.3396.99) (For Debian)Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)Linux
Google Chrome (67.0.3396.99) (For Centos)Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)Linux
Google Chrome (67.0.3396.99) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)Linux
Google Chrome (67.0.3396.99) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)Linux
Google Chrome (67.0.3396.99) (For Ubuntu)Linux
Vulnerabilities CVE-2017-5029 are fixed in Ruby-nokogiri for Linux 1.7.2Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-303316Update for iCloud (6.2.1.67)
PATCH-305759Update for iCloud (6.2.2.39)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-306105Update for iCloud (6.2.3.17)
PATCH-307513Updates for Google Chrome (66.0.3359.170)
PATCH-307515Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534Updates for Google Chrome (66.0.3359.181)
PATCH-307535Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607Updates for Google Chrome (67.0.3396.62)
PATCH-307608Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641Updates for Google Chrome (67.0.3396.79)
PATCH-307644Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660Updates for Google Chrome (67.0.3396.87)
PATCH-307662Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715Google Chrome (67.0.3396.99)
PATCH-307716Google Chrome (x64) (67.0.3396.99)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234