CVE-2011-3886 - Input Validation vulnerability in Google V8

Publication

2011-10-25

Last modification

2017-09-19

Summary

Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:P)

Medium

6.8

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

OVAL definition

{
    "accepted": "2013-08-12T04:01:32.400-04:00",
    "class": "vulnerability",
    "contributors": [
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Maria Kedovskaya",
            "organization": "ALTX-SOFT"
        }
    ],
    "definition_extensions": [
        {
            "comment": "Google Chrome is installed",
            "oval": "oval:org.mitre.oval:def:11914"
        }
    ],
    "description": "Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.",
    "family": "windows",
    "id": "oval:org.mitre.oval:def:13201",
    "status": "accepted",
    "submitted": "2011-10-26T15:20:33.178-04:00",
    "title": "Google V8 out-of-bounds write operations vulnerability",
    "version": "48"
}

Affected Products

Vendor Product Versions
Google V8