Vulnerabilities > CVE-2011-3016 - USE After Free vulnerability in Google Chrome

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
google
apple
CWE-416
nessus

Summary

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.

Vulnerable Configurations

Part Description Count
Application
Google
2020
Application
Apple
277
OS
Apple
100

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_17_0_963_56.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 17.0.963.56 and is, therefore, affected by the following vulnerabilities: - Integer overflow errors exist related to PDF codecs and libpng. (CVE-2011-3015, CVE-2011-3026) - A read-after-free error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id57974
    published2012-02-16
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57974
    titleGoogle Chrome < 17.0.963.56 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57974);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/15 20:50:26");
    
      script_cve_id(
        "CVE-2011-3015",
        "CVE-2011-3016",
        "CVE-2011-3017",
        "CVE-2011-3018",
        "CVE-2011-3019",
        "CVE-2011-3020",
        "CVE-2011-3021",
        "CVE-2011-3022",
        "CVE-2011-3023",
        "CVE-2011-3024",
        "CVE-2011-3025",
        "CVE-2011-3026",
        "CVE-2011-3027"
      );
      script_bugtraq_id(52031, 52049);
    
      script_name(english:"Google Chrome < 17.0.963.56 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 17.0.963.56 and is, therefore, affected by the following
    vulnerabilities:
    
      - Integer overflow errors exist related to PDF codecs and
        libpng. (CVE-2011-3015, CVE-2011-3026)
    
      - A read-after-free error exists related to 'counter
        nodes'. (CVE-2011-3016)
    
      - Use-after-free errors exist related to database
        handling, subframe loading, and drag-and-drop
        functionality. (CVE-2011-3017, CVE-2011-3021,
        CVE-2011-3023)
    
      - Heap-overflow errors exist related to path rendering and
        'MKV' handling. (CVE-2011-3018, CVE-2011-3019)
    
      - Unspecified errors exist related to the native
        client validator and HTTP use with translation scripts.
        (CVE-2011-3020, CVE-2011-3022)
    
      - Empty x509 certificates can cause browser crashes.
        (CVE-2011-3024)
    
      - An out-of-bounds read error exists related to h.264
        parsing. (CVE-2011-3025)
    
      - A bad variable cast exists related to column handling.
        (CVE-2011-3027)");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?32f2be13");
      script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 17.0.963.56 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'17.0.963.56', severity:SECURITY_HOLE);
    
  • NASL familyWindows
    NASL idITUNES_10_7.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 10.7 and is, therefore, affected by multiple memory corruption vulnerabilities in WebKit.
    last seen2020-06-01
    modified2020-06-02
    plugin id62077
    published2012-09-13
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62077
    titleApple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201202-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201202-01 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient
    last seen2020-06-01
    modified2020-06-02
    plugin id58025
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58025
    titleGLSA-201202-01 : Chromium: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2F5FF968582911E1828800262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts). [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team. [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Slawomir Blazek. [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Juri Aedla. [112847] Medium CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.
    last seen2020-06-01
    modified2020-06-02
    plugin id57968
    published2012-02-16
    reporterThis script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57968
    titleFreeBSD : chromium -- multiple vulnerabilities (2f5ff968-5829-11e1-8288-00262d5ed8ee)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-142.NASL
    descriptionChromium version 19.0.1046 and v8 version 3.9.7.0 fix several security issues.
    last seen2020-06-05
    modified2014-06-13
    plugin id74563
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74563
    titleopenSUSE Security Update : chromium / v8 (openSUSE-2012-142)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI6_0.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues : - An unspecified cross-site scripting issue exists. (CVE-2012-0678) - An error in the handling of
    last seen2020-06-01
    modified2020-06-02
    plugin id60127
    published2012-07-26
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60127
    titleMac OS X : Apple Safari < 6.0 Multiple Vulnerabilities
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_10_7_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 10.7. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component.
    last seen2020-06-01
    modified2020-06-02
    plugin id62078
    published2012-09-13
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62078
    titleApple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted2014-04-07T04:01:52.904-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
familywindows
idoval:org.mitre.oval:def:14919
statusaccepted
submitted2012-02-22T08:19:02.000-05:00
titleUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
version50