1. Home
  2. CVE Database
  3. CVE-2017-5029
HIGH · 8.8

CVE-2017-5029

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for i...

Vulnerability Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GoogleChrome<= 57.0.2987.75
AppleMacos-
LinuxLinux Kernel-
MicrosoftWindows-
GoogleAndroid-
XmlsoftLibxslt1.1.29
DebianDebian Linux8.0
RedhatEnterprise Linux Desktop6.0
RedhatEnterprise Linux Server6.0
RedhatEnterprise Linux Workstation6.0

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2017-5029?

CVE-2017-5029 is a vulnerability with a CVSS score of 8.8 (HIGH). The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for i...

How severe is CVE-2017-5029?

CVE-2017-5029 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5029?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows, Google Android.