what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2012-2870

Status Candidate

Overview

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

Related Files

Apple Security Advisory 2014-01-22-1
Posted Jan 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.

tags | advisory, code execution
systems | apple
advisories | CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2014-1242
SHA-256 | 88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9e
Gentoo Linux Security Advisory 201401-07
Posted Jan 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-7 - Multiple Denial of Service vulnerabilities have been found in libxslt. Versions less than 1.1.28 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2870, CVE-2012-2893, CVE-2012-6139, CVE-2013-4520
SHA-256 | f23dd72c3b893d110a45c420e9dac3a0ca04e3ad16ed8dc28007045c29b7bbf2
Apple Security Advisory 2013-09-20-1
Posted Sep 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-2391, CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010
SHA-256 | 1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9
Apple Security Advisory 2013-09-18-2
Posted Sep 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-2 - iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2011-2391, CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-0879, CVE-2013-0926, CVE-2013-0957, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007
SHA-256 | 28033ee75b46e43dd395d653bcaeafcb70f1b640306db4446062bdbfd7ff9c7f
Mandriva Linux Security Advisory 2013-047
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-047 - The XSL implementation in libxslt allows remote attackers to cause a denial of service via unspecified vectors. libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
SHA-256 | 98161c0b908ae321ff7e41c26e4bb80ca14d2a7fa8b6e59bc0997cca1201e034
Mandriva Linux Security Advisory 2012-164
Posted Oct 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-164 - Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors. libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1202, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
SHA-256 | 9dc7d2ddc7d23c750e1d5fa6aec98c0a30701c70c16fd72c278d4e45c943ff4c
Debian Security Advisory 2555-1
Posted Oct 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2555-1 - Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
SHA-256 | c959d5eab09fe98d37976ab22e1513cafb038267dffd27b4d6a167bf65b379b7
Ubuntu Security Notice USN-1595-1
Posted Oct 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1595-1 - Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893, CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
SHA-256 | 5dada35384ea916fefdd03285e96612d7c197f764028a0915522b0f15010b138
Red Hat Security Advisory 2012-1265-01
Posted Sep 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1265-01 - libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871
SHA-256 | 9920cb411b2c3aa2362ffe225a52581712a70d0901996f2acabf529dcdc400d4
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close