Vulnerability Details : CVE-2011-1804
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2011-1804
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1804
1.14%: Probability of exploitation activity in the next 30 days
~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1804
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-1804
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1804
- http://trac.webkit.org/changeset/86862
  Changeset 86862 – WebKit (Patch; Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13992
  Repository / Oval Repository (Third Party Advisory)
- http://codereview.chromium.org/7050016
  Issue 7050016: Merge 86448 - Code Review (Patch; Vendor Advisory)
- http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- http://www.securityfocus.com/bid/47965
  Google Chrome Floats Rendering Memory Corruption Vulnerability (Third Party Advisory; VDB Entry)
- http://code.google.com/p/chromium/issues/detail?id=82546
  82546 - Stale pointer in WebCore::RenderBlock::marginBeforeForChild - chromium - Monorail (Exploit; Issue Tracking; Patch; Vendor Advisory)