Lucene search

[email protected]CVE-2010-1773

HistorySep 24, 2010 - 7:00 p.m.

CVE-2010-1773

2010-09-2419:00:00

CWE-193

[email protected]

web.nvd.nist.gov

cve-2010-1773

webkit

google chrome

off-by-one error

remote attackers

sensitive information

denial of service

memory corruption

application crash

arbitrary code

html lists

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

CPENameOperatorVersion
google:chromegoogle chromelt5.0.375.70
redhat:enterprise_linuxredhat enterprise linuxeq6.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
opensuse:opensuseopensuseeq11.2
opensuse:opensuseopensuseeq11.3
fedoraproject:fedorafedoraproject fedoraeq13
fedoraproject:fedorafedoraproject fedoraeq12

CPE	Name	Operator	Version
google:chrome	google chrome	lt	5.0.375.70
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
opensuse:opensuse	opensuse	eq	11.2
opensuse:opensuse	opensuse	eq	11.3
fedoraproject:fedora	fedoraproject fedora	eq	13
fedoraproject:fedora	fedoraproject fedora	eq	12

References

code.google.com/p/chromium/issues/detail?id=44955

googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40072

secunia.com/advisories/40557

secunia.com/advisories/41856

secunia.com/advisories/43068

trac.webkit.org/changeset/59950

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.securityfocus.com/bid/41575

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/1801

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

bugs.webkit.org/show_bug.cgi?id=39508

bugzilla.redhat.com/show_bug.cgi?id=596500

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2010-1773

debiancve1 cvelist1 ubuntucve1 prion2 cve1 nessus11 openvas25 fedora8 freebsd1