6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.02 Low
EPSS
Percentile
89.0%
Severity: Critical
Date : 2017-03-12
CVE-ID : CVE-2017-5029
Package : libxslt
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-195
The package libxslt before version 1.1.29+41+gdf5330d1-1 is vulnerable
to arbitrary code execution.
Upgrade to 1.1.29+41+gdf5330d1-1.
The problem has been fixed upstream but no release is available yet.
None.
An integer overflow issue has been found in libxslt, leading to an out
of bounds write on 64-bit systems.
A remote attacker might be able to execute arbitrary code on the
affected host.
https://bugs.archlinux.org/task/53257
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
https://crbug.com/676623
https://security.archlinux.org/CVE-2017-5029
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.02 Low
EPSS
Percentile
89.0%