CVE-2012-2870 — MEDIUM (4.3)

Q: How severe is CVE-2012-2870?

CVE-2012-2870 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-2870?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Google Chrome, Xmlsoft Libxslt.

Vulnerability Description

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	<= 6.1.4
Google	Chrome	<= 21.0.1180.88
Xmlsoft	Libxslt	<= 1.1.26

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2012-2870?

CVE-2012-2870 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a cra...

How severe is CVE-2012-2870?

CVE-2012-2870 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2870?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Google Chrome, Xmlsoft Libxslt.