Vulnerability Details : CVE-2012-5132
Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding.
Vulnerability category: Denial of service
Products affected by CVE-2012-5132
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.84:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.86:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.87:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.62:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5132
1.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5132
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2012-5132
-
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://www.securityfocus.com/bid/56684
Google Chrome Prior to 23.0.1271.91 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15040
Repository / Oval Repository
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/80293
Google Chrome chunked encoding denial of service CVE-2012-5132 Vulnerability Report
-
http://www.securitytracker.com/id?1027815
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
[security-announce] openSUSE-SU-2012:1637-1: important: Chromium to 25.0Third Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=155711
155711 - Security: forced oom in browser process due to indefinitely growing buffer in chunked decoder - chromium - MonorailPatch;Issue Tracking
Jump to