The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://code.google.com/p/chromium/issues/detail?id=73716 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | () http://downloads.avaya.com/css/P8/documents/100144158 - Third Party Advisory | |
References | () http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f - Patch, Third Party Advisory | |
References | () http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html - Vendor Advisory | |
References | () http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/46785 - Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2011/0628 - Permissions Required | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=684386 - Issue Tracking, Third Party Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 - Third Party Advisory |
Information
Published : 2011-03-11 02:01
Updated : 2024-11-21 01:25
NVD link : CVE-2011-1202
Mitre link : CVE-2011-1202
CVE.ORG link : CVE-2011-1202
JSON object : View
Products Affected
xmlsoft
- libxslt
- chrome
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor