CVE-2010-1766
Published 2010-07-22
Priority: P430 · Severity: high · CVSS 2.0 base score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.25% (80.7th percentile)
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digia | qt | <= 4.6.2 | — |
| webkit | webkit | <= r56379 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-6mww-pvfg-4qx6: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake
ghsa_unreviewed·2022-05-17
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
Red Hat
WebKit: off-by-one memory corruption flaw WebSocketHandshake::readServerHandshake()
vendor_redhat·2010-06-07·CVSS 7.5
CVE-2010-1766 · HIGH · CWE-193
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
Package: qt (Red Hat Enterprise Linux 6) - Will not fix
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-1772 CVE-2010-1773 webkitgtk various flaws [fedora-all]
bugzilla·2010-06-21·CVSS 7.5
fedora-13 tracking bug for webkitgtk: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Adding parent bug CVE-2010-1766
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=606295,596494
---
Adding parent bug CVE-2010-1772
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=606295,596494,596498
---
Adding parent bug CVE-2010-1773
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=606295,596494,596498,596500
---
Removing CVE-2010-1766 from the
Bugzilla
CVE-2010-1766 WebKit: off-by-one memory corruption flaw WebSocketHandshake::readServerHandshake()
bugzilla·2010-05-26·CVSS 7.5
An off by one memory corruption issue exists in WebSocketHandshake::readServerHandshake(). This issue is addressed by improved bounds checking.
References:
Bugzilla: https://bugs.webkit.org/show_bug.cgi?id=36339
Trac: http://trac.webkit.org/changeset/56380
Acknowledgements:
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Skylined of Google Chrome Security Team as the original reporter.
Discussion:
This is being made public now, we've been given the go-ahead from upstream to do so.
---
Created webkitgtk tracking bugs for this issue
Affects: fedora-all [bug 606304]
---
Created qt tracking bugs for this issue
References:
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40557
http://secunia.com/advisories/41856
http://secunia.com/advisories/43068
http://trac.webkit.org/changeset/56380
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/1801
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
https://bugs.webkit.org/show_bug.cgi?id=36339
https://bugzilla.redhat.com/show_bug.cgi?id=596494