CVE-2011-3092 : The regex implementation in Google V8, as used in Google Chrome before 19.0.1084

The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.

Published 2012-05-16 00:55:03

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2011-3092

Google » Chrome
Versions up to, including, (<=) 19.0.1084.45
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-3092

EPSS FAQ

2.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3092

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-3092

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3092

https://exchange.xforce.ibmcloud.com/vulnerabilities/75597

Google Chrome v8 regex code execution CVE-2011-3092 Vulnerability Report
http://security.gentoo.org/glsa/glsa-201205-03.xml

Chromium, V8: Multiple vulnerabilities (GLSA 201205-03) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/53540

Google Chrome Prior to 19 Multiple Security Vulnerabilities

CVEs referencing this url
http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://code.google.com/p/chromium/issues/detail?id=122337

122337 - [LangFuzz] Crash on heap with invalid write (32 bit only). - chromium - Monorail
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15610

Repository / Oval Repository
http://www.securitytracker.com/id?1027067

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html

[security-announce] openSUSE-SU-2012:0656-1: important: update for chrom

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-3092

Products affected by CVE-2011-3092

Exploit prediction scoring system (EPSS) score for CVE-2011-3092

CVSS scores for CVE-2011-3092

CWE ids for CVE-2011-3092

References for CVE-2011-3092