[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-2555Date: (C)2009-07-21   (M)2023-12-22


Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-35722
SECUNIA-35844
OSVDB-55939
ADV-2009-1924
googlechrome-javascript-bo(51801)
http://code.google.com/p/chromium/issues/detail?id=14719
http://codereview.chromium.org/141042
http://codereview.chromium.org/141042/diff/6/1004
http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html

CPE    29
cpe:/a:google:chrome:0.2.149.30
cpe:/a:google:chrome:1.0.154.39
cpe:/a:google:chrome:1.0.154.59
cpe:/a:google:chrome:1.0.154.36
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:36775
oval:org.secpod.oval:def:36774
oval:org.secpod.oval:def:36801
oval:org.secpod.oval:def:36800
...

© SecPod Technologies