VulDB: Google Chrome up to 19.0.1084.51 denial of service [CVE-2011-3104]
General
scipID: 5449
Affected: Google Chrome up to 19.0.1084.51
Published: 05/23/2012 (Abhishek Arya (Inferno))
Risk: 
problematic
Entry: 89.5% complete
Created: 05/30/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic was found in Google Chrome up to 19.0.1084.51. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability. As an impact it is known to affect availability.
The weakness was shared 05/23/2012 by Abhishek Arya (Inferno) with Google Chrome Security Team as 118018 as knowledge base article (Website). The advisory is shared for download at code.google.com. The vendor cooperated in the coordination of the public release. This vulnerability is known as CVE-2011-3104 since 08/09/2011. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. Technical details are unknown but a private exploit is available.
Upgrading to version 19.0.1084.52 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82228) and Secunia (SA49277).CVSS
Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Denial of service
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Chrome 19.0.1084.52
Timeline
08/09/2011 | CVE assigned
05/23/2012 | Advisory disclosed
05/23/2012 | Countermeasure disclosed
05/25/2012 | OSVDB entry created
05/30/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: 118018
Researcher: Abhishek Arya (Inferno)
Company: Google Chrome Security Team
Coordinated: Yes
OSVDB: 82228
CVE: CVE-2011-3104 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49277
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
