| Vulnerability Name: | CVE-2016-1684 (CCN-113457) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2016-05-25 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2016-05-25 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2017-07-01 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CWE-190: Integer Overflow or Wraparound | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-1684 Source: CCN Type: Google Chrome Releases Web site Stable Channel Update Source: CONFIRM Type: Vendor Advisory http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html Source: APPLE Type: UNKNOWN APPLE-SA-2016-07-18-1 Source: APPLE Type: UNKNOWN APPLE-SA-2016-07-18-2 Source: APPLE Type: UNKNOWN APPLE-SA-2016-07-18-3 Source: APPLE Type: UNKNOWN APPLE-SA-2016-07-18-4 Source: APPLE Type: UNKNOWN APPLE-SA-2016-07-18-6 Source: SUSE Type: UNKNOWN openSUSE-SU-2016:1430 Source: SUSE Type: UNKNOWN openSUSE-SU-2016:1433 Source: SUSE Type: UNKNOWN openSUSE-SU-2016:1496 Source: CCN Type: RHSA-2016-1190 Important: chromium-browser security update Source: DEBIAN Type: UNKNOWN DSA-3590 Source: DEBIAN Type: UNKNOWN DSA-3605 Source: BID Type: UNKNOWN 90876 Source: CCN Type: BID-90876 Google Chrome Prior to 51.0.2704.63 Multiple Security Vulnerabilities Source: SECTRACK Type: UNKNOWN 1035981 Source: UBUNTU Type: UNKNOWN USN-2992-1 Source: REDHAT Type: UNKNOWN RHSA-2016:1190 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=1340017 Source: CONFIRM Type: UNKNOWN https://crbug.com/583171 Source: XF Type: UNKNOWN google-chrome-cve20161684-overflow(113457) Source: CONFIRM Type: UNKNOWN https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d Source: FEDORA Type: UNKNOWN FEDORA-2019-320d5295fc Source: GENTOO Type: UNKNOWN GLSA-201607-07 Source: CONFIRM Type: UNKNOWN https://support.apple.com/HT206899 Source: CONFIRM Type: UNKNOWN https://support.apple.com/HT206901 Source: CONFIRM Type: UNKNOWN https://support.apple.com/HT206902 Source: CONFIRM Type: UNKNOWN https://support.apple.com/HT206903 Source: CONFIRM Type: UNKNOWN https://support.apple.com/HT206904 Source: CONFIRM Type: UNKNOWN https://support.apple.com/HT206905 Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-1684 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||