PRIOn knowledge basePRION:CVE-2008-6998

HistoryAug 19, 2009 - 5:24 a.m.

Stack overflow

2009-08-1905:24:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.156 Low

EPSS

Percentile

96.0%

JSON

Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.

CPENameOperatorVersion
chromeeq0.2.149.27

CPE	Name	Operator	Version
	chrome	eq	0.2.149.27

References

osvdb.org/48264

shinnok.evonet.ro/vulns_html/chrome.html

src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797

www.securityfocus.com/bid/31034

www.securityfocus.com/bid/31071

exchange.xforce.ibmcloud.com/vulnerabilities/44934

exchange.xforce.ibmcloud.com/vulnerabilities/45032

googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html

www.exploit-db.com/exploits/6372