Lucene search

MitreCVE-2010-0645

HistoryFeb 18, 2010 - 6:00 p.m.

CVE-2010-0645

2010-02-1818:00:00

CWE-189

mitre

web.nvd.nist.gov

cve-2010-0645

google v8

integer overflows

remote code execution

javascript arrays

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.

Affected configurations

Nvd

Node

googlechromeRange≤4.0.249.78

googlechromeMatch0.2.149.27

googlechromeMatch0.2.149.29

googlechromeMatch0.2.149.30

googlechromeMatch0.2.152.1

googlechromeMatch0.2.153.1

googlechromeMatch0.3.154.0

googlechromeMatch0.3.154.3

googlechromeMatch0.4.154.18

googlechromeMatch0.4.154.22

googlechromeMatch0.4.154.31

googlechromeMatch0.4.154.33

googlechromeMatch1.0.154.36

googlechromeMatch1.0.154.39

googlechromeMatch1.0.154.42

googlechromeMatch1.0.154.43

googlechromeMatch1.0.154.46

googlechromeMatch1.0.154.48

googlechromeMatch1.0.154.52

googlechromeMatch1.0.154.53

googlechromeMatch1.0.154.59

googlechromeMatch1.0.154.65

googlechromeMatch2.0.156.1

googlechromeMatch2.0.157.0

googlechromeMatch2.0.157.2

googlechromeMatch2.0.158.0

googlechromeMatch2.0.159.0

googlechromeMatch2.0.169.0

googlechromeMatch2.0.169.1

googlechromeMatch2.0.170.0

googlechromeMatch2.0.172

googlechromeMatch2.0.172.2

googlechromeMatch2.0.172.8

googlechromeMatch2.0.172.27

googlechromeMatch2.0.172.28

googlechromeMatch2.0.172.30

googlechromeMatch2.0.172.31

googlechromeMatch2.0.172.33

googlechromeMatch2.0.172.37

googlechromeMatch2.0.172.38

googlechromeMatch3.0.182.2

googlechromeMatch3.0.190.2

googlechromeMatch3.0.193.2beta

googlechromeMatch3.0.195.21

googlechromeMatch3.0.195.24

googlechromeMatch3.0.195.32

googlechromeMatch3.0.195.33

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome0.2.149.27cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
googlechrome0.2.149.29cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
googlechrome0.2.149.30cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
googlechrome0.2.152.1cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
googlechrome0.2.153.1cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
googlechrome0.3.154.0cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
googlechrome0.3.154.3cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
googlechrome0.4.154.18cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
googlechrome0.4.154.22cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	0.2.149.27	cpe:2.3:a:google:chrome:0.2.149.27:::::::*
google	chrome	0.2.149.29	cpe:2.3:a:google:chrome:0.2.149.29:::::::*
google	chrome	0.2.149.30	cpe:2.3:a:google:chrome:0.2.149.30:::::::*
google	chrome	0.2.152.1	cpe:2.3:a:google:chrome:0.2.152.1:::::::*
google	chrome	0.2.153.1	cpe:2.3:a:google:chrome:0.2.153.1:::::::*
google	chrome	0.3.154.0	cpe:2.3:a:google:chrome:0.3.154.0:::::::*
google	chrome	0.3.154.3	cpe:2.3:a:google:chrome:0.3.154.3:::::::*
google	chrome	0.4.154.18	cpe:2.3:a:google:chrome:0.4.154.18:::::::*
google	chrome	0.4.154.22	cpe:2.3:a:google:chrome:0.4.154.22:::::::*

Rows per page:

1-10 of 471

References

code.google.com/p/chromium/issues/detail?id=31009

code.google.com/p/v8/source/detail?r=3560

codereview.chromium.org/525064

googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

secunia.com/advisories/38545

securitytracker.com/id?1023583

sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

www.osvdb.org/62316

www.securityfocus.com/bid/38177

www.vupen.com/english/advisories/2010/0361

exchange.xforce.ibmcloud.com/vulnerabilities/56213

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14508

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Related for CVE-2010-0645