Lucene search

[email protected]CVE-2008-6995

HistoryAug 19, 2009 - 5:24 a.m.

CVE-2008-6995

2009-08-1905:24:52

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-6995

google chrome

buffer over-read

denial of service

nvd

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a “%” (percent) character, which triggers a buffer over-read, as demonstrated using an “about:%” URI.

Affected configurations

NVD

Node

googlechromeMatch0.2.149.27

CPENameOperatorVersion
google:chromegoogle chromeeq0.2.149.27

CPE	Name	Operator	Version
google:chrome	google chrome	eq	0.2.149.27

References

archives.neohapsis.com/archives/bugtraq/2008-09/0028.html

code.google.com/p/chromium/issues/detail?id=122

evilfingers.com/advisory/google_chrome_poc.php

osvdb.org/47908

src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/net/base/escape.cc?r1=1757&r2=1760&pathrev=1760

www.securityfocus.com/bid/30983

exchange.xforce.ibmcloud.com/vulnerabilities/44899

www.evilfingers.com/advisory/Google_Chrome_Browser_0.2.149.27_in_chrome_dll.php

www.exploit-db.com/exploits/6353

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2008-6995

prion1 cvelist1 nvd1 debiancve1 nessus1 openvas2