CVE-2011-3057 - Out-Of-Bounds Read vulnerability in Google Chrome

CVSS 4.3 - MEDIUM
  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL
network
google
CWE-125
nessus

Summary

Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.

Vulnerable Configurations

Part         Description  Count
Application  Google       2042

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201203-24.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201203-24 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact: A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker could also entice a user to open a specially crafted web site using Chromium, possibly resulting in cross-site scripting (XSS), or an unspecified SPDY certificate checking error. Workaround: There is no known workaround at this time.
    last seen: 2020-04-16
    modified: 2012-06-21
    plugin id: 59616
    published: 2012-06-21
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59616
    title: GLSA-201203-24 : Chromium, V8: Multiple vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_B8F0A391791011E18A4300262D5ED8EE.NASL
    description: Google Chrome Releases reports: [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58521
    published: 2012-03-29
    reporter: This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58521
    title: FreeBSD : chromium -- multiple vulnerabilities (b8f0a391-7910-11e1-8a43-00262d5ed8ee)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_330106DA740611E1A1D700262D5ED8EE.NASL
    description: Google Chrome Releases reports: [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. [117550] High CVE-2011-3056: Cross-origin violation with
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58438
    published: 2012-03-23
    reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58438
    title: FreeBSD : chromium -- multiple vulnerabilities (330106da-7406-11e1-a1d7-00262d5ed8ee)
  • NASL family: Windows
    NASL id: GOOGLE_CHROME_18_0_1025_142.NASL
    description: The version of Google Chrome installed on the remote host is earlier than 18.0.1025.142 and is, therefore, affected by the following vulnerabilities: - An error exists in the v8 JavaScript engine that can allow invalid reads. (CVE-2011-3057) - An unspecified error exists related to bad interaction and
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58536
    published: 2012-03-30
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58536
    title: Google Chrome < 18.0.1025.142 Multiple Vulnerabilities
  • NASL family: Windows
    NASL id: GOOGLE_CHROME_17_0_963_83.NASL
    description: The version of Google Chrome installed on the remote host is earlier than 17.0.963.83 and is, therefore, affected by the following vulnerabilities: - An unspecified integer issue exists in libpng. (CVE-2011-3045) - An error exists related to the extension web request API that could allow denial of service attacks. Note this issue was corrected in a previous, unspecified release. (CVE-2011-3049) - Use-after-free errors exist related to
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58434
    published: 2012-03-22
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58434
    title: Google Chrome < 17.0.963.83 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-215.NASL
    description: Security update for Chromium and V8 to 18.0.1025.142. Following bugs are listed in the Chrome changelog:
      - [$500] [109574 <https://code.google.com/p/chromium/issues/detail?id=109574>] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
      - [$500] [112317 <https://code.google.com/p/chromium/issues/detail?id=112317>] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
      - [$500] [114056 <https://code.google.com/p/chromium/issues/detail?id=114056>] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
      - [116398 <https://code.google.com/p/chromium/issues/detail?id=116398>] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
      - [116524 <https://code.google.com/p/chromium/issues/detail?id=116524>] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
      - [117417 <https://code.google.com/p/chromium/issues/detail?id=117417>] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
      - [$1000] [117471 <https://code.google.com/p/chromium/issues/detail?id=117471>] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
      - [$1000] [117588 <https://code.google.com/p/chromium/issues/detail?id=117588>] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
      - [$500] [117794 <https://code.google.com/p/chromium/issues/detail?id=117794>] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.
      The bugs [112317 <https://code.google.com/p/chromium/issues/detail?id=112317>], [114056 <https://code.google.com/p/chromium/issues/detail?id=114056>] and [117471 <https://code.google.com/p/chromium/issues/detail?id=117471>] were detected using AddressSanitizer <http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>. We
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74592
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74592
    title: openSUSE Security Update : chromium (openSUSE-SU-2012:0492-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201203-19.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201203-19 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact: A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction. A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59611
    published: 2012-06-21
    reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59611
    title: GLSA-201203-19 : Chromium: Multiple vulnerabilities

Oval

accepted: 2013-08-12T04:04:32.762-04:00
class: vulnerability
contributors:
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
definition_extensions:
  • comment: Google Chrome is installed
    oval: oval:org.mitre.oval:def:11914
description: Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
family: windows
id: oval:org.mitre.oval:def:14385
status: accepted
submitted: 2012-03-22T14:05:33.178-04:00
title: Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
version: 45