VulDB: Google Chrome 19.0.1084.52 buffer overflow [CVE-2011-3106]
General

scipID: 5459
Affected: Google Chrome 19.0.1084.52
Published: 05/24/2012 (Dharani Govindan)
Risk: problematic
Entry: 88.4% complete
Created: 05/30/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic was found in Google Chrome 19.0.1084.52. The issue affects an unknown function. Manipulation with an unknown input leads to a buffer overflow. Confidentiality, integrity, and availability are impacted.
The weakness was shared on 05/24/2012 by Dharani Govindan with the Chromium development community as 122654, in the form of a knowledge base article (website). The advisory is available for download at code.google.com. The vendor cooperated in coordinating the public release. The vulnerability has been identified as CVE-2011-3106 since 08/09/2011. The attack may be initiated remotely. No form of authentication is needed for successful exploitation. Technical details are unknown, but a private exploit is available.
Upgrading to version 19.0.1084.52 eliminates this vulnerability. A possible mitigation was published before, and not just after, the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82251) and Secunia (SA49277).
CVSS
Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
0-Day Time: 0 days since found
Upgrade: Chrome 19.0.1084.52
Timeline
08/09/2011 | CVE assigned
05/23/2012 | Countermeasure disclosed
05/24/2012 | Advisory disclosed
05/25/2012 | OSVDB entry created
05/30/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: 122654
Researcher: Dharani Govindan
Company: Chromium development community
Coordinated: Yes
OSVDB: 82251
CVE: CVE-2011-3106 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49277