CVE-2011-1449

Опубликовано: 03 мая 2011

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Уязвимость use-after-free в реализации WebSockets в Google Chrome, позволяющая вызвать DoS атаку

Описание

Уязвимость use-after-free в реализации WebSockets в браузере Google Chrome до версии 11.0.696.57 позволяет злоумышленникам вызвать DoS атаку или, возможно, привести к другим неуказанным последствиям через неизвестные методы.

Затронутые версии ПО

Google Chrome < 11.0.696.57

Тип уязвимости

Use-after-free
DoS атака
Другие неуказанные последствия

Ссылки

http://code.google.com/p/chromium/issues/detail?id=77346
Exploit
Issue Tracking
Patch
Vendor Advisory
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
Mailing List
Third Party Advisory
http://support.apple.com/kb/HT4808
Third Party Advisory
http://support.apple.com/kb/HT4981
Third Party Advisory
http://support.apple.com/kb/HT4999
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/67156
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14478
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=77346
Exploit
Issue Tracking
Patch
Vendor Advisory
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
Mailing List
Third Party Advisory
http://support.apple.com/kb/HT4808
Third Party Advisory
http://support.apple.com/kb/HT4981
Third Party Advisory
http://support.apple.com/kb/HT4999
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/67156
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14478
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 11.0.696.57 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Версия до 10.5 (исключая)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия до 5.0.6 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 5.0 (исключая)

EPSS

Процентиль: 84%

0.0234

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2011-1449

ubuntu

больше 14 лет назад

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1449

debian

больше 14 лет назад

Use-after-free vulnerability in the WebSockets implementation in Googl ...

GHSA-c7pr-h9w8-3pxx

github

больше 3 лет назад

EPSS

Процентиль: 84%

0.0234

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-416