Vulnerability Details : CVE-2015-1252
common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-1252
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1252
2.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-1252
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1252
-
https://codereview.chromium.org/1061053002
Issue 1061053002: Fix PartialCircularBuffer OOB memcpy(). - Code Review
-
http://www.securityfocus.com/bid/74723
Google Chrome Prior to 43.0.2357.65 Multiple Security Vulnerabilities
-
http://www.securitytracker.com/id/1032375
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Same-Origin Restrictions, and Spoof URLs - SecurityTracker
-
http://www.debian.org/security/2015/dsa-3267
Debian -- Security Information -- DSA-3267-1 chromium-browser
-
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
Chrome Releases: Stable Channel UpdatePatch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
openSUSE-SU-2015:1877-1: moderate: Security update for Chromium
-
https://code.google.com/p/chromium/issues/detail?id=474029
Inloggen - Google Accounts
-
https://security.gentoo.org/glsa/201506-04
Chromium: Multiple vulnerabilities (GLSA 201506-04) — Gentoo security
-
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
Object not found!
Jump to