CVE-2011-3970
First published: Thu Feb 09 2012(Updated: )
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <17.0.963.46 | |
| libxslt | <=1.1.26 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| suse linux enterprise server vmware | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| suse linux enterprise server vmware | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/chromium/issues/detail?id=110277
- http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html
- https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
- https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818
Frequently Asked Questions
What is the severity of CVE-2011-3970?
CVE-2011-3970 has been classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2011-3970?
To fix CVE-2011-3970, upgrade Google Chrome to version 17.0.963.46 or later and update libxslt to a version higher than 1.1.26.
What systems are affected by CVE-2011-3970?
CVE-2011-3970 affects Google Chrome versions before 17.0.963.46 and libxslt versions up to 1.1.26, as well as various SUSE Linux distributions.
Is CVE-2011-3970 likely to be exploited in the wild?
Given its high severity and the nature of the vulnerability, CVE-2011-3970 is potentially exploitable in the wild.
What type of vulnerability is CVE-2011-3970?
CVE-2011-3970 is categorized as an out-of-bounds read vulnerability that can lead to denial of service attacks.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/google chrome
- vendor/xmlsoft
- canonical/libxslt
- version/libxslt/1.1.26
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp2
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp3
- version/suse linux enterprise server/11-sp3
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server vmware/11-sp2
- version/suse linux enterprise software development kit/11-sp2