Out-of-bounds Write Affecting libxslt package, versions <1.1.29-r1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ALPINE314-LIBXSLT-1306975
- published 24 Apr 2017
- disclosed 24 Apr 2017
Introduced: 24 Apr 2017
CVE-2017-5029 Open this link in a new tabHow to fix?
Upgrade Alpine:3.14 libxslt to version 1.1.29-r1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Alpine.
See How to fix? for Alpine:3.14 relevant fixed versions and status.
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
- https://crbug.com/676623
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
- http://www.debian.org/security/2017/dsa-3810
- https://security-tracker.debian.org/tracker/CVE-2017-5029
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
- http://www.securityfocus.com/bid/96767
- http://www.securitytracker.com/id/1038157
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5029