Vulnerabilities > CVE-2012-5154 - Numeric Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
opensuse
google
CWE-189
nessus
NVD
Published: 2013-01-15
Updated: 2024-11-21

Summary

Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.

Vulnerable Configurations

Part Description Count
OS
Opensuse
2
OS
Microsoft
1
Application
Google
2651

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_24_0_1312_52.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 24.0.1312.52 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150, CVE-2012-5156, CVE-2013-0832) - An error related to malformed URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting attacks. (CVE-2012-5146) - A user-input validation error exists related to filenames and hyphenation support. (CVE-2012-5148) - Integer overflow errors exist related to audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154) - Out-of-bounds read errors exist related to video seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, CVE-2012-5157, CVE-2012-0833, CVE-2012-0834) - An out-of-bounds stack access error exists in the v8 JavaScript engine. (CVE-2012-5153) - A casting error exists related to PDF
    last seen2020-06-01
    modified2020-06-02
    plugin id63468
    published2013-01-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63468
    titleGoogle Chrome < 24.0.1312.52 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63468);
  script_version("1.19");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-5145",
    "CVE-2012-5146",
    "CVE-2012-5147",
    "CVE-2012-5148",
    "CVE-2012-5149",
    "CVE-2012-5150",
    "CVE-2012-5151",
    "CVE-2012-5152",
    "CVE-2012-5153",
    "CVE-2012-5154",
    "CVE-2012-5156",
    "CVE-2012-5157",
    "CVE-2013-0630",
    "CVE-2013-0828",
    "CVE-2013-0829",
    "CVE-2013-0830",
    "CVE-2013-0831",
    "CVE-2013-0832",
    "CVE-2013-0833",
    "CVE-2013-0834",
    "CVE-2013-0835",
    "CVE-2013-0836",
    "CVE-2013-0837"
  );
  script_bugtraq_id(
    57184,
    59413,
    59414,
    59415,
    59416,
    59417,
    59418,
    59419,
    59420,
    59422,
    59423,
    59424,
    59425,
    59426,
    59427,
    59428,
    59429,
    59430,
    59431,
    59435,
    59436,
    59437,
    59438
  );

  script_name(english:"Google Chrome < 24.0.1312.52 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 24.0.1312.52 and is, therefore, affected by the following
vulnerabilities :

  - Use-after-free errors exist related to SVG layout,
    DOM handling, video seeking, PDF fields and printing.
    (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150,
    CVE-2012-5156, CVE-2013-0832)

  - An error related to malformed URLs can allow a Same
    Origin Policy (SOP) bypass, thereby allowing cross-site
    scripting attacks. (CVE-2012-5146)

  - A user-input validation error exists related to filenames
    and hyphenation support. (CVE-2012-5148)

  - Integer overflow errors exist related to audio IPC
    handling, PDF JavaScript and shared memory allocation.
    (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)

  - Out-of-bounds read errors exist related to video
    seeking, PDF image handling, printing and glyph
    handling. (CVE-2012-5152, CVE-2012-5157,
    CVE-2012-0833, CVE-2012-0834)

  - An out-of-bounds stack access error exists in the
    v8 JavaScript engine. (CVE-2012-5153)

  - A casting error exists related to PDF 'root' handling.
    (CVE-2013-0828)

  - An unspecified error exists that can corrupt database
    metadata leading to incorrect file access.
    (CVE-2013-0829)

  - An error exists related to IPC and 'NUL' termination.
    (CVE-2013-0830)

  - An error exists related to extensions that may allow
    improper path traversals. (CVE-2013-0831)

  - An unspecified error exists related to geolocation.
    (CVE-2013-0835)

  - An unspecified error exists related to garbage
    collection in the v8 JavaScript engine. (CVE-2013-0836)

  - An unspecified error exists related to extension tab
    handling. (CVE-2013-0837)

  - The bundled version of Adobe Flash Player contains
    flaws that can lead to arbitrary code execution.
    (CVE-2013-0630)

Successful exploitation of some of these issues could lead to an
application crash or even allow arbitrary code execution, subject to the
user's privileges.");
  # https://chromereleases.googleblog.com/2013/01/stable-channel-update.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d71ffa01");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb13-01.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 24.0.1312.52 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0630");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'24.0.1312.52', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-72.NASL
    description - Update to 26.0.1383 - Security fixes (bnc#798326) - CVE-2012-5145: Use-after-free in SVG layout - CVE-2012-5146: Same origin policy bypass with malformed URL - CVE-2012-5147: Use-after-free in DOM handling - CVE-2012-5148: Missing filename sanitization in hyphenation support - CVE-2012-5149: Integer overflow in audio IPC handling - CVE-2012-5150: Use-after-free when seeking video - CVE-2012-5152: Out-of-bounds read when seeking video - CVE-2012-5153: Out-of-bounds stack access in v8. - CVE-2012-5154: Integer overflow in shared memory allocation - CVE-2013-0830: Missing NUL termination in IPC. - CVE-2013-0831: Possible path traversal from extension process - CVE-2013-0832: Use-after-free with printing. - CVE-2013-0833: Out-of-bounds read with printing. - CVE-2013-0834: Out-of-bounds read with glyph handling - CVE-2013-0835: Browser crash with geolocation - CVE-2013-0836: Crash in v8 garbage collection. - CVE-2013-0837: Crash in extension tab handling. - CVE-2013-0838: Tighten permissions on shared memory segments - Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for openSUSE Chromium builds ONLY!! (Setup was done based on indication from Pawel Hajdan) - Change the default setting for password-store to basic. (bnc#795860) - Fixes from Update to 25.0.1352 - Fixed garbled header and footer text in print preview. - Fixed broken profile with system-wide installation and - Fixed stability crashes like 158747, 159437, 149139, 160914, - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. - (gtk) Fixed <input> selection renders white text on white - Fixed translate infobar button to show selected language. - Update to 25.0.1329 - No further indications in the ChangeLog - Update to 25.0.1319 - No further indications in the Changelog - Update to 24.0.1308 - Updated V8 - 3.14.5.0 - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. - Fixed chromium issues 155871, 154173, 155133. - No further indications in the ChangeLog. - Update to 24.0.1283
    last seen2020-06-05
    modified2014-06-13
    plugin id75155
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75155
    titleopenSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70112
    published2013-09-25
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70112
    titleGLSA-201309-16 : Chromium, V8: Multiple vulnerabilities

Oval

accepted2013-08-12T04:08:23.393-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionInteger overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
familywindows
idoval:org.mitre.oval:def:16318
statusaccepted
submitted2013-01-16T09:35:49.141-05:00
titleInteger overflow in Google Chrome before 24.0.1312.52 on Windows via vectors related to allocation of shared memory
version44

References