Vulnerabilities > CVE-2011-3059 - Out-of-bounds Read vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201203-24.NASL description The remote host is affected by the vulnerability described in GLSA-201203-24 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker could also entice a user to open a specially crafted web site using Chromium, possibly resulting in cross-site scripting (XSS), or an unspecified SPDY certificate checking error. Workaround : There is no known workaround at this time. last seen 2020-04-16 modified 2012-06-21 plugin id 59616 published 2012-06-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59616 title GLSA-201203-24 : Chromium, V8: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B8F0A391791011E18A4300262D5ED8EE.NASL description Google Chrome Releases reports : [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. last seen 2020-06-01 modified 2020-06-02 plugin id 58521 published 2012-03-29 reporter This script is Copyright (C) 2012-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58521 title FreeBSD : chromium -- multiple vulnerabilities (b8f0a391-7910-11e1-8a43-00262d5ed8ee) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1617-1.NASL description A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62707 published 2012-10-26 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62707 title Ubuntu 12.04 LTS : webkit vulnerabilities (USN-1617-1) NASL family Windows NASL id ITUNES_10_7.NASL description The version of Apple iTunes installed on the remote Windows host is older than 10.7 and is, therefore, affected by multiple memory corruption vulnerabilities in WebKit. last seen 2020-06-01 modified 2020-06-02 plugin id 62077 published 2012-09-13 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62077 title Apple iTunes < 10.7 Multiple Vulnerabilities (credentialed check) NASL family Windows NASL id GOOGLE_CHROME_18_0_1025_142.NASL description The version of Google Chrome installed on the remote host is earlier than 18.0.1025.142 and is, therefore, affected by the following vulnerabilities : - An error exists in the v8 JavaScript engine that can allow invalid reads. (CVE-2011-3057) - An unspecified error exists related to bad interaction and last seen 2020-06-01 modified 2020-06-02 plugin id 58536 published 2012-03-30 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58536 title Google Chrome < 18.0.1025.142 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI6_0.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues : - An unspecified cross-site scripting issue exists. (CVE-2012-0678) - An error in the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 60127 published 2012-07-26 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60127 title Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities NASL family Peer-To-Peer File Sharing NASL id ITUNES_10_7_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 10.7. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component. last seen 2020-06-01 modified 2020-06-02 plugin id 62078 published 2012-09-13 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62078 title Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-215.NASL description Security update for Chromium and V8 to 18.0.1025.142. Following bugs are listed in the Chrome changelog : - [$500] [109574<https://code.google.com/p/chromium/issues/detail ?id=109574>] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [$500] [112317<https://code.google.com/p/chromium/issues/detail ?id=112317>] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [$500] [114056<https://code.google.com/p/chromium/issues/detail ?id=114056>] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398 <https://code.google.com/p/chromium/issues/detail?id=116 398>] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524 <https://code.google.com/p/chromium/issues/detail?id=116 524>] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417 <https://code.google.com/p/chromium/issues/detail?id=117 417>] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [$1000] [117471<https://code.google.com/p/chromium/issues/detail ?id=117471>] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [$1000] [117588<https://code.google.com/p/chromium/issues/detail ?id=117588>] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [$500] [117794<https://code.google.com/p/chromium/issues/detail ?id=117794>] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. The bugs [112317<https://code.google.com/p/chromium/issues/detail?id=112317>], [114056 <https://code.google.com/p/chromium/issues/detail?id=114056>] and [ 117471 <https://code.google.com/p/chromium/issues/detail?id=117471>] were detected using AddressSanitizer<http://code.google.com/p/address-sanitizer/wiki/Addre ssSanitizer> . We last seen 2020-06-05 modified 2014-06-13 plugin id 74592 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74592 title openSUSE Security Update : chromium (openSUSE-SU-2012:0492-1)
Oval
| accepted | 2013-08-12T04:07:19.984-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15200 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-04-01T08:45:06.747-04:00 | ||||||||||||
| title | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements | ||||||||||||
| version | 44 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 52762 CVE ID: CVE-2011-3058,CVE-2011-3059,CVE-2011-3060,CVE-2011-3061,CVE-2011-3062,CVE-2011-3063,CVE-2011-3064,CVE-2011-3065 Google Chrome是由Google开发的一款设计简单、高效的Web浏览工具。 Google Chrome 18.0.1025.142之前版本在实现上存在多个安全漏洞,攻击者可利用这些漏洞执行任意代码、绕过安全限制、执行跨站脚本执行攻击。 0 Google Chrome < 18.0.1025.142 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com |
| id | SSV:60015 |
| last seen | 2017-11-19 |
| modified | 2012-03-29 |
| published | 2012-03-29 |
| reporter | Root |
| title | Google Chrome 18.0.1025.142之前版本多个内存破坏漏洞 |
References
- http://code.google.com/p/chromium/issues/detail?id=112317
- http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://secunia.com/advisories/48618
- http://secunia.com/advisories/48691
- http://secunia.com/advisories/48763
- http://support.apple.com/kb/HT5400
- http://support.apple.com/kb/HT5485
- http://support.apple.com/kb/HT5503
- http://www.securityfocus.com/bid/52762
- http://www.securitytracker.com/id?1026877
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74409
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15200
- http://code.google.com/p/chromium/issues/detail?id=112317
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15200
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74409
- http://www.securitytracker.com/id?1026877
- http://www.securityfocus.com/bid/52762
- http://support.apple.com/kb/HT5503
- http://support.apple.com/kb/HT5485
- http://support.apple.com/kb/HT5400
- http://secunia.com/advisories/48763
- http://secunia.com/advisories/48691
- http://secunia.com/advisories/48618
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
- http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html