CVE-2011-1202 Information
Description
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Reference
http://code.google.com/p/chromium/issues/detail?id=73716
http://downloads.avaya.com/css/P8/documents/100144158
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
https://bugzilla.redhat.com/show_bug.cgi?id=684386
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244