CVE-2011-3077 : Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.

Published 2012-04-05 22:02:08

Updated 2020-04-14 14:13:47

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2011-3077

Google » Chrome
Versions before (<) 18.0.1025.151
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-3077

EPSS FAQ

1.79%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3077

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-3077

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3077

http://security.gentoo.org/glsa/glsa-201204-03.xml

Chromium: Multiple vulnerabilities (GLSA 201204-03) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/74637

Google Chrome focus code execution CVE-2011-3077 Vulnerability Report
Third Party Advisory;VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15343

Repository / Oval Repository
Third Party Advisory
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html

Chrome Releases: Stable and Beta Channel Updates
Release Notes;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/52913

Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id?1026892

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://code.google.com/p/chromium/issues/detail?id=120189

120189 - Heap-use-after-free in WebCore::V8RecursionScope::didLeaveScriptContext - chromium - Monorail
Exploit;Vendor Advisory

Jump to

Vulnerability Details : CVE-2011-3077

Products affected by CVE-2011-3077

Exploit prediction scoring system (EPSS) score for CVE-2011-3077

CVSS scores for CVE-2011-3077

CWE ids for CVE-2011-3077

References for CVE-2011-3077