Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Published

2011-03-11T02:01:20.200

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	chrome	< 10.0.648.127	Yes
Application	xmlsoft	libxslt	≤ 1.1.26	Yes

References

http://code.google.com/p/chromium/issues/detail?id=73716 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
http://downloads.avaya.com/css/P8/documents/100144158 Third Party Advisory ([email protected])
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f Patch, Third Party Advisory ([email protected])
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html Vendor Advisory ([email protected])
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/46785 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0628 Permissions Required ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=684386 Issue Tracking, Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 Third Party Advisory ([email protected])
http://code.google.com/p/chromium/issues/detail?id=73716 Exploit, Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://downloads.avaya.com/css/P8/documents/100144158 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46785 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0628 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=684386 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)