CVE-2011-1202

CVSS v2.0 4.3 (Medium)

EPSS 0.37 % (73^th)

Affected Products 2

Advisories 15

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Related CVEs

CVE-2011-0195
CVE-2011-1713

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2011-03-11 02:01:20
(13 years ago)
Updated Date: 2020-06-04 14:16:14
(4 years ago)

Affected Products

Google

Chrome

Xmlsoft

Libxslt

Configuration #1

		CPE23	From	Up To
	Google Chrome prior 10.0.648.127 version	cpe:2.3:a:google:chrome		< 10.0.648.127
	Xmlsoft Libxslt 1.1.26 and prior versions	cpe:2.3:a:xmlsoft:libxslt		<= 1.1.26