8.8

CVE-2019-13735

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 79.0.3945.79
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version30
FedoraprojectFedora Version31
RedhatEnterprise Linux Desktop Version6.0 HwPlatformx64
RedhatEnterprise Linux Desktop Version6.0 HwPlatformx86
RedhatEnterprise Linux For Scientific Computing Version6.0 HwPlatformx64
RedhatEnterprise Linux For Scientific Computing Version6.0 HwPlatformx86
RedhatEnterprise Linux Server Version6.0 HwPlatformx64
RedhatEnterprise Linux Server Version6.0 HwPlatformx86
RedhatEnterprise Linux Workstation Version6.0 HwPlatformx64
RedhatEnterprise Linux Workstation Version6.0 HwPlatformx86
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.84% 0.762
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202003-08
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
Broken Link
https://access.redhat.com/errata/RHSA-2019:4238
Third Party Advisory
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://seclists.org/bugtraq/2020/Jan/27
Third Party Advisory
Mailing List
https://www.debian.org/security/2020/dsa-4606
Third Party Advisory
https://crbug.com/1025468
Vendor Advisory
Permissions Required