Lucene search
GoogleOSV:GHSA-PF6M-FXPQ-FG8VHistoryJul 31, 2018 - 6:21 p.m.
Nokogiri implementation of libxslt lacks integer overflow checks
2018-07-3118:21:29
Google
osv.dev
25
0.02 Low
EPSS
Percentile
89.0%
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
github.com/advisories/GHSA-pf6m-fxpq-fg8v
github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
github.com/sparklemotion/nokogiri
github.com/sparklemotion/nokogiri/issues/1634
nvd.nist.gov/vuln/detail/CVE-2017-5029
ubuntu.com/security/CVE-2017-5029
ubuntu.com/security/notices/USN-3271-1
Related
archlinux
archlinux
[ASA-201703-5] libxslt: arbitrary code execution
2017-03-12 00:00:00
[ASA-201703-4] chromium: multiple issues
2017-03-11 00:00:00
cve
cve
CVE-2017-5029
2017-04-24 23:59:00
cvelist
cvelist
CVE-2017-5029
2017-04-24 23:00:00
redhatcve
redhatcve
CVE-2017-5029
2017-03-10 09:20:20
debian
debian
[SECURITY] [DLA 866-1] libxslt security update
2017-03-23 13:20:26
[SECURITY] [DSA 3810-1] chromium-browser security update
2017-03-15 12:29:29
[SECURITY] [DSA 3810-1] chromium-browser security update
2017-03-15 12:29:29
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0125)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-866-1)
2018-01-11 00:00:00
Apple Mac OS X Multiple Memory Corruption Vulnerabilities (HT207615)
2017-05-19 00:00:00
github
github
Nokogiri implementation of libxslt lacks integer overflow checks
2018-07-31 18:21:29
nvd
nvd
CVE-2017-5029
2017-04-24 23:59:00
osv
osv
libxslt - security update
2017-03-23 00:00:00
CVE-2017-5029
2017-04-24 23:59:00
chromium-browser - security update
2017-03-15 00:00:00
prion
prion
Integer overflow
2017-04-24 23:59:00
nessus
nessus
Debian DLA-866-1 : libxslt security update
2017-03-24 00:00:00
GLSA-201804-01 : libxslt: Multiple vulnerabilities
2018-04-04 00:00:00
alpinelinux
alpinelinux
CVE-2017-5029
2017-04-24 23:59:00
ubuntucve
ubuntucve
CVE-2017-5029
2017-03-10 00:00:00
mageia
mageia
Updated libxslt packages fix security vulnerability
2017-05-02 09:37:59
Updated chromium-browser-stable packages fix security vulnerability
2017-04-21 10:24:22
debiancve
debiancve
CVE-2017-5029
2017-04-24 23:59:00
freebsd
freebsd
GitLab -- multiple vulnerabilities
2017-09-07 00:00:00
chromium -- multiple vulnerabilities
2017-03-09 00:00:00
gentoo
gentoo
libxslt: Multiple vulnerabilities
2018-04-04 00:00:00
rubygems
rubygems
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
2017-05-08 21:00:00
photon
photon
ibm
ibm
ubuntu
ubuntu
Libxslt vulnerabilities
2017-04-28 00:00:00
Oxide vulnerabilities
2017-03-29 00:00:00
apple
apple
About the security content of iCloud for Windows 6.2
2017-03-28 00:00:00
About the security content of iCloud for Windows 6.2 - Apple Support
2017-04-24 06:47:37
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
suse
suse
Security update for Chromium (important)
2017-03-18 00:09:23
Security update for Chromium (important)
2017-03-18 00:08:56
redhat
redhat
(RHSA-2017:0499) Important: chromium-browser security update
2017-03-14 06:03:42
chrome
chrome
Stable Channel Update for Desktop
2017-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.9.0-4.fc25
2017-07-12 03:27:41
[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.9.0-4.fc26
2017-07-06 22:53:47
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47