gsd-2017-5029
Vulnerability from gsd
Modified
2017-05-09 00:00
Details
nokogiri version 1.7.2 has been released.
This is a security update based on 1.7.1, addressing two upstream
libxslt 1.1.29 vulnerabilities classified as "Medium" by Canonical
and given a CVSS3 score of "6.5 Medium" and "8.8 High" by RedHat.
These patches only apply when using Nokogiri's vendored libxslt
package. If you're using your distro's system libraries, there's no
need to upgrade from 1.7.0.1 or 1.7.1 at this time.
Full details are available at the github issue linked to in the
changelog below.
-----
# 1.7.2 / 2017-05-09
## Security Notes
[MRI] Upstream libxslt patches are applied to the vendored libxslt
1.1.29 which address CVE-2017-5029 and CVE-2016-4738.
For more information:
* https://github.com/sparklemotion/nokogiri/issues/1634
* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-5029",
"description": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"id": "GSD-2017-5029",
"references": [
"https://www.suse.com/security/cve/CVE-2017-5029.html",
"https://www.debian.org/security/2017/dsa-3810",
"https://access.redhat.com/errata/RHSA-2017:0499",
"https://ubuntu.com/security/CVE-2017-5029",
"https://advisories.mageia.org/CVE-2017-5029.html",
"https://security.archlinux.org/CVE-2017-5029"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri",
"purl": "pkg:gem/nokogiri"
}
}
],
"aliases": [
"CVE-2017-5029",
"GHSA-pf6m-fxpq-fg8v"
],
"details": "nokogiri version 1.7.2 has been released.\n\nThis is a security update based on 1.7.1, addressing two upstream\nlibxslt 1.1.29 vulnerabilities classified as \"Medium\" by Canonical\nand given a CVSS3 score of \"6.5 Medium\" and \"8.8 High\" by RedHat.\n\nThese patches only apply when using Nokogiri\u0027s vendored libxslt\npackage. If you\u0027re using your distro\u0027s system libraries, there\u0027s no\nneed to upgrade from 1.7.0.1 or 1.7.1 at this time.\n\nFull details are available at the github issue linked to in the\nchangelog below.\n\n-----\n\n# 1.7.2 / 2017-05-09\n\n## Security Notes\n\n[MRI] Upstream libxslt patches are applied to the vendored libxslt\n1.1.29 which address CVE-2017-5029 and CVE-2016-4738.\n\nFor more information:\n\n* https://github.com/sparklemotion/nokogiri/issues/1634\n* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html\n* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html\n",
"id": "GSD-2017-5029",
"modified": "2017-05-09T00:00:00.000Z",
"published": "2017-05-09T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/issues/1634"
},
{
"type": "WEB",
"url": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html"
},
{
"type": "WEB",
"url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html"
}
],
"related": [
"CVE-2016-4738",
"CVE-2017-5029"
],
"schema_version": "1.4.0",
"severity": [
{
"score": 8.8,
"type": "CVSS_V3"
}
],
"summary": "Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name": "1038157",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038157"
},
{
"name": "https://crbug.com/676623",
"refsource": "CONFIRM",
"url": "https://crbug.com/676623"
},
{
"name": "DSA-3810",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2017-5029",
"cvss_v3": 8.8,
"date": "2017-05-09",
"description": "nokogiri version 1.7.2 has been released.\n\nThis is a security update based on 1.7.1, addressing two upstream\nlibxslt 1.1.29 vulnerabilities classified as \"Medium\" by Canonical\nand given a CVSS3 score of \"6.5 Medium\" and \"8.8 High\" by RedHat.\n\nThese patches only apply when using Nokogiri\u0027s vendored libxslt\npackage. If you\u0027re using your distro\u0027s system libraries, there\u0027s no\nneed to upgrade from 1.7.0.1 or 1.7.1 at this time.\n\nFull details are available at the github issue linked to in the\nchangelog below.\n\n-----\n\n# 1.7.2 / 2017-05-09\n\n## Security Notes\n\n[MRI] Upstream libxslt patches are applied to the vendored libxslt\n1.1.29 which address CVE-2017-5029 and CVE-2016-4738.\n\nFor more information:\n\n* https://github.com/sparklemotion/nokogiri/issues/1634\n* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html\n* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html\n",
"gem": "nokogiri",
"ghsa": "pf6m-fxpq-fg8v",
"patched_versions": [
"\u003e= 1.7.2"
],
"related": {
"cve": [
"2016-4738",
"2017-5029"
],
"url": [
"http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html",
"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html"
]
},
"title": "Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29",
"url": "https://github.com/sparklemotion/nokogiri/issues/1634"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.7.1",
"affected_versions": "Version 1.1.29",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-787",
"CWE-937"
],
"date": "2018-01-05",
"description": "The `xsltAddTextString` function in `transform.c` in libxslt, as used by nokogiri, lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.",
"fixed_versions": [
"1.7.1"
],
"identifier": "CVE-2017-5029",
"identifiers": [
"CVE-2017-5029"
],
"not_impacted": "All versions before 1.1.29, all versions after 1.1.29",
"package_slug": "gem/nokogiri",
"pubdate": "2017-04-24",
"solution": "Upgrade to version 1.7.1 or above.",
"title": "Upstream libxslt vulnerabilities",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-5029",
"http://www.securityfocus.com/bid/96767",
"https://crbug.com/676623",
"https://github.com/sparklemotion/nokogiri/issues/1634"
],
"uuid": "4289ba56-7bdf-4067-8314-1b3209d05948"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "57.0.2987.75",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "57.0.2987.100",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5029"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name": "https://crbug.com/676623",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://crbug.com/676623"
},
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name": "96767",
"refsource": "BID",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "1038157",
"refsource": "SECTRACK",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1038157"
},
{
"name": "DSA-3810",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-04-22T20:19Z",
"publishedDate": "2017-04-24T23:59Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.