CVE-2012-2870 in iOSinfo

Summary

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

05/19/2012

Disclosure

08/31/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
10338	Apple iOS libxslt resource management	399	Not defined	Official fix	CVE-2012-2870
6077	Google Chrome Xpath functions.c xsltGenerateIdFunction resource management	399	Proof-of-Concept	Official fix	CVE-2012-2870

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!