#VU11531 Memory corruption in libxslt - CVE-2017-5029

Cybersecurity Help s.r.o.

Published: 2018-04-04

Vulnerability identifier: #VU11531

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-5029

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libxslt
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description
The vulnerability allows a remote attacker to write arbitrary files, cause DoS condition or execute arbitrary files on the target system.

The weakness exists in the xsltAddTextString function in transform.c due to lack of a check for integer overflow during a size calculation. A remote attacker can submit a specially crafted HTML page, trigger out-of-bounds write, write arbitrary files, cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to version 1.1.30.

Vulnerable software versions

libxslt: 1.1.29

External links
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for libxslt

Memory corruption in libxslt (Alpine package)

Arch Linux update for libxslt