Lucene search

[email protected]CVE-2010-1772

HistorySep 24, 2010 - 7:00 p.m.

CVE-2010-1772

2010-09-2419:00:04

CWE-416

[email protected]

web.nvd.nist.gov

cve-2010-1772

use-after-free vulnerability

webkit

google chrome

remote code execution

denial of service

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

Affected configurations

NVD

Node

googlechromeRange<5.0.375.70

Node

redhatenterprise_linuxMatch6.0

Node

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

Node

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

Node

fedoraprojectfedoraMatch12

fedoraprojectfedoraMatch13

CPENameOperatorVersion
google:chromegoogle chromelt5.0.375.70

CPE	Name	Operator	Version
google:chrome	google chrome	lt	5.0.375.70

References

code.google.com/p/chromium/issues/detail?id=44868

googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40072

secunia.com/advisories/40557

secunia.com/advisories/41856

secunia.com/advisories/43068

trac.webkit.org/changeset/59859

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/1801

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

bugs.webkit.org/show_bug.cgi?id=39388

bugzilla.redhat.com/show_bug.cgi?id=596498

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11661

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2010-1772

debiancve1 ubuntucve1 nvd2 prion2 cvelist1 cve1 nessus12 openvas25 fedora8 freebsd1