Vulnerabilities > CVE-2011-3065 - Integer Overflow OR Wraparound vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201203-24.NASL description The remote host is affected by the vulnerability described in GLSA-201203-24 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker could also entice a user to open a specially crafted web site using Chromium, possibly resulting in cross-site scripting (XSS), or an unspecified SPDY certificate checking error. Workaround : There is no known workaround at this time. last seen 2020-04-16 modified 2012-06-21 plugin id 59616 published 2012-06-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59616 title GLSA-201203-24 : Chromium, V8: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B8F0A391791011E18A4300262D5ED8EE.NASL description Google Chrome Releases reports : [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. last seen 2020-06-01 modified 2020-06-02 plugin id 58521 published 2012-03-29 reporter This script is Copyright (C) 2012-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58521 title FreeBSD : chromium -- multiple vulnerabilities (b8f0a391-7910-11e1-8a43-00262d5ed8ee) NASL family Windows NASL id GOOGLE_CHROME_18_0_1025_142.NASL description The version of Google Chrome installed on the remote host is earlier than 18.0.1025.142 and is, therefore, affected by the following vulnerabilities : - An error exists in the v8 JavaScript engine that can allow invalid reads. (CVE-2011-3057) - An unspecified error exists related to bad interaction and last seen 2020-06-01 modified 2020-06-02 plugin id 58536 published 2012-03-30 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58536 title Google Chrome < 18.0.1025.142 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-215.NASL description Security update for Chromium and V8 to 18.0.1025.142. Following bugs are listed in the Chrome changelog : - [$500] [109574<https://code.google.com/p/chromium/issues/detail ?id=109574>] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [$500] [112317<https://code.google.com/p/chromium/issues/detail ?id=112317>] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [$500] [114056<https://code.google.com/p/chromium/issues/detail ?id=114056>] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398 <https://code.google.com/p/chromium/issues/detail?id=116 398>] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524 <https://code.google.com/p/chromium/issues/detail?id=116 524>] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417 <https://code.google.com/p/chromium/issues/detail?id=117 417>] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [$1000] [117471<https://code.google.com/p/chromium/issues/detail ?id=117471>] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [$1000] [117588<https://code.google.com/p/chromium/issues/detail ?id=117588>] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [$500] [117794<https://code.google.com/p/chromium/issues/detail ?id=117794>] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. The bugs [112317<https://code.google.com/p/chromium/issues/detail?id=112317>], [114056 <https://code.google.com/p/chromium/issues/detail?id=114056>] and [ 117471 <https://code.google.com/p/chromium/issues/detail?id=117471>] were detected using AddressSanitizer<http://code.google.com/p/address-sanitizer/wiki/Addre ssSanitizer> . We last seen 2020-06-05 modified 2014-06-13 plugin id 74592 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74592 title openSUSE Security Update : chromium (openSUSE-SU-2012:0492-1)
Oval
| accepted | 2013-08-12T04:07:30.216-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15415 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-04-01T08:45:06.747-04:00 | ||||||||||||
| title | Vulnerability in Skia as used in Google Chrome before 18.0.1025.142 | ||||||||||||
| version | 44 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 52762 CVE ID: CVE-2011-3058,CVE-2011-3059,CVE-2011-3060,CVE-2011-3061,CVE-2011-3062,CVE-2011-3063,CVE-2011-3064,CVE-2011-3065 Google Chrome是由Google开发的一款设计简单、高效的Web浏览工具。 Google Chrome 18.0.1025.142之前版本在实现上存在多个安全漏洞,攻击者可利用这些漏洞执行任意代码、绕过安全限制、执行跨站脚本执行攻击。 0 Google Chrome < 18.0.1025.142 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com |
| id | SSV:60015 |
| last seen | 2017-11-19 |
| modified | 2012-03-29 |
| published | 2012-03-29 |
| reporter | Root |
| title | Google Chrome 18.0.1025.142之前版本多个内存破坏漏洞 |
References
- http://code.google.com/p/chromium/issues/detail?id=117588
- http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html
- http://osvdb.org/80743
- http://secunia.com/advisories/48618
- http://secunia.com/advisories/48691
- http://secunia.com/advisories/48763
- http://www.securityfocus.com/bid/52762
- http://www.securitytracker.com/id?1026877
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15415