8.8

CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 5.0.375.70
RedhatEnterprise Linux Version6.0
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
OpensuseOpensuse Version11.2
OpensuseOpensuse Version11.3
FedoraprojectFedora Version12
FedoraprojectFedora Version13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.797
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/43068
Broken Link
http://www.vupen.com/english/advisories/2011/0212
Broken Link
http://secunia.com/advisories/41856
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Broken Link
http://www.ubuntu.com/usn/USN-1006-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722
Broken Link
http://www.vupen.com/english/advisories/2011/0552
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/40557
Broken Link
http://www.vupen.com/english/advisories/2010/1801
Broken Link
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Vendor Advisory
Release Notes
http://secunia.com/advisories/40072
Broken Link
http://code.google.com/p/chromium/issues/detail?id=44955
Vendor Advisory
Mailing List
http://trac.webkit.org/changeset/59950
Patch
Vendor Advisory
Mailing List
http://www.securityfocus.com/bid/41575
Third Party Advisory
VDB Entry
https://bugs.webkit.org/show_bug.cgi?id=39508
Vendor Advisory
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=596500
Third Party Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830
Third Party Advisory