What is CVE-2011-3970?

CVE-2011-3970 is a vulnerability in Google Chrome, classified under Out-of-bounds Read. Published 2012-02-09.

Is CVE-2011-3970 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Out-of-bounds Read in Google Chrome

CVE-2011-3970

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Vulnerability class: Buffer Overflow

EPSS: 0.005 (66.5th percentile) — read the EPSS interpretation.

Affected products

Google Chrome
Xmlsoft Libxslt
Suse Linux_enterprise_desktop — versions 11
Suse Linux_enterprise_server — versions 10, 11
Suse Linux_enterprise_software_development_kit — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

Public proof-of-concept exploits

References

SUSE-SU-2013:1654 (vendor-advisory, x_refsource_SUSE)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
SUSE-SU-2013:1656 (vendor-advisory, x_refsource_SUSE)
oval:org.mitre.oval:def:14818 (x_refsource_OVAL, signature, vdb-entry)
chrome-cve-admin@google.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2011-3970?: CVE-2011-3970 is a vulnerability in Google Chrome, classified under Out-of-bounds Read. Published 2012-02-09.
Is CVE-2011-3970 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.