CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

CVSS v3.0 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html	Mailing List Third Party Advisory
http://secunia.com/advisories/40072	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=596500	Issue Tracking Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html	Mailing List Third Party Advisory
http://trac.webkit.org/changeset/59950	Mailing List Patch Vendor Advisory
https://bugs.webkit.org/show_bug.cgi?id=39508	Permissions Required Vendor Advisory
http://secunia.com/advisories/40557	Broken Link
http://www.vupen.com/english/advisories/2010/1801	Broken Link
http://code.google.com/p/chromium/issues/detail?id=44955	Mailing List Vendor Advisory
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html	Release Notes Vendor Advisory
http://www.vupen.com/english/advisories/2010/2722	Broken Link
http://www.ubuntu.com/usn/USN-1006-1	Third Party Advisory
http://secunia.com/advisories/41856	Broken Link
http://secunia.com/advisories/43068	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	Broken Link
http://www.vupen.com/english/advisories/2011/0552	Broken Link
http://www.securityfocus.com/bid/41575	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:12:::::::*
	cpe:2.3:o:fedoraproject:fedora:13:::::::*

Information

Published : 2010-09-24 12:00

Updated : 2020-08-14 09:23

NVD link : CVE-2010-1773

Mitre link : CVE-2010-1773

JSON object : View

CWE

CWE-193

Off-by-one Error

Products Affected

redhat

enterprise_linux

google

chrome

fedoraproject

fedora

canonical

ubuntu_linux

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html", "name": "FEDORA-2010-11011", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/40072", "name": "40072", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596500", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596500", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html", "name": "FEDORA-2010-11020", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://trac.webkit.org/changeset/59950", "name": "http://trac.webkit.org/changeset/59950", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=39508", "name": "https://bugs.webkit.org/show_bug.cgi?id=39508", "tags": ["Permissions Required", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/40557", "name": "40557", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/1801", "name": "ADV-2010-1801", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://code.google.com/p/chromium/issues/detail?id=44955", "name": "http://code.google.com/p/chromium/issues/detail?id=44955", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", "name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2010/2722", "name": "ADV-2010-2722", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.ubuntu.com/usn/USN-1006-1", "name": "USN-1006-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/41856", "name": "41856", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43068", "name": "43068", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "name": "SUSE-SR:2011:002", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.vupen.com/english/advisories/2011/0212", "name": "ADV-2011-0212", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039", "name": "MDVSA-2011:039", "tags": ["Broken Link"], "refsource": "MANDRIVA"}, {"url": "http://www.vupen.com/english/advisories/2011/0552", "name": "ADV-2011-0552", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/41575", "name": "41575", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830", "name": "oval:org.mitre.oval:def:11830", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-193"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-1773", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2010-09-24T19:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.0.375.70"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-14T16:23Z"}

8.8 /10