Vulnerability CVE-2017-5122


Published: 2017-10-27

Description:
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Google
Product: Chrome 
Version:
9.0.600.0
9.0.599.0
9.0.598.0
9.0.597.99
9.0.597.98
9.0.597.97
9.0.597.96
9.0.597.94
9.0.597.92
9.0.597.90
9.0.597.9
9.0.597.88
9.0.597.86
9.0.597.85
9.0.597.84
9.0.597.83
9.0.597.82
9.0.597.81
9.0.597.80
9.0.597.8
9.0.597.79
9.0.597.78
9.0.597.77
9.0.597.76
9.0.597.75
9.0.597.74
9.0.597.73
9.0.597.72
9.0.597.71
9.0.597.70
9.0.597.7
9.0.597.69
9.0.597.68
9.0.597.67
9.0.597.66
9.0.597.65
9.0.597.64
9.0.597.63
9.0.597.62
9.0.597.60
9.0.597.59
9.0.597.58
9.0.597.57
9.0.597.56
9.0.597.55
9.0.597.54
9.0.597.5
9.0.597.47
9.0.597.46
9.0.597.45
9.0.597.44
9.0.597.42
9.0.597.41
9.0.597.40
9.0.597.4
9.0.597.39
9.0.597.38
9.0.597.37
9.0.597.36
9.0.597.35
9.0.597.34
9.0.597.33
9.0.597.32
9.0.597.31
9.0.597.30
9.0.597.29
9.0.597.28
9.0.597.27
9.0.597.26
9.0.597.25
9.0.597.24
9.0.597.23
9.0.597.22
9.0.597.21
9.0.597.20
9.0.597.2
9.0.597.19
9.0.597.18
9.0.597.17
9.0.597.16
9.0.597.15
9.0.597.14
9.0.597.12
9.0.597.11
9.0.597.107
9.0.597.106
9.0.597.102
9.0.597.101
9.0.597.100
9.0.597.10
9.0.597.1
9.0.597.0
9.0.596.0
9.0.595.0
9.0.594.0
9.0.593.0
9.0.592.0
9.0.591.0
9.0.590.0
9.0.589.0
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.debian.org/security/2017/dsa-3985
http://www.securityfocus.com/bid/100947
http://www.securitytracker.com/id/1039497
https://access.redhat.com/errata/RHSA-2017:2792
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html
https://crbug.com/752423
https://security.gentoo.org/glsa/201709-25

Related CVE
CVE-2014-0900
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.
CVE-2017-0751
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.
CVE-2017-0748
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.
CVE-2017-0744
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.
CVE-2017-0431
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.
CVE-2016-8482
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.
CVE-2015-9016
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android...
CVE-2017-6426
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.

Copyright 2018, cxsecurity.com

 

Back to Top