CVE-2017-5029

HIGH8.8EPSS 1.2%

chromium-browser - security update

發布日:2018/7/31修改日:2025/12/3

也稱為:GHSA-pf6m-fxpq-fg8v DSA-3810-1ALPINE-CVE-2017-5029DEBIAN-CVE-2017-5029DEBIAN-CVE-2017-5030DEBIAN-CVE-2017-5031DEBIAN-CVE-2017-5032DEBIAN-CVE-2017-5033DEBIAN-CVE-2017-5034DEBIAN-CVE-2017-5035DEBIAN-CVE-2017-5036DEBIAN-CVE-2017-5037DEBIAN-CVE-2017-5038DEBIAN-CVE-2017-5039DEBIAN-CVE-2017-5040DEBIAN-CVE-2017-5041DEBIAN-CVE-2017-5042DEBIAN-CVE-2017-5043DEBIAN-CVE-2017-5044DEBIAN-CVE-2017-5045DEBIAN-CVE-2017-5046

描述

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

受影響套件(5)

Alpine/libxsltfrom 0, < 1.1.29-r1
Debian/chromium-browserfrom 0, < 57.0.2987.98-1~deb8u1
Debian/libxsltfrom 0, < 1.1.29-2.1
Debian/libxsltfrom 0, < 1.1.26-14.1+deb7u3
RubyGems/nokogirifrom 0, < 1.7.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

描述

受影響套件(5)

CVSS 分數

參考連結(10)