CVE-2010-1773 — Off-by-one Error in Google Chrome

CWE-193 — Off-by-one Error CWE-125 — Out-of-bounds Read10 documents4 sources

Severity

8.8HIGHNVD

EPSS

2.3%

top 15.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Canonical Ubuntu Linux Fedoraproject Fedora +2 more

Timeline

PublishedSep 24

Latest updateMay 13

Description

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/chrome< 5.0.375.70

▶NVDopensuse/opensuse11.2, 11.3+1

Also affects: Fedora 12, 13, Ubuntu Linux 10.04, 10.10, 9.10, Enterprise Linux 6.0

Patches

Patch: trac.webkit.org ↗Patch: trac.webkit.org ↗

🔴Vulnerability Details

GHSA

GHSA-rg88-8376-6jqq: Off-by-one error in the toAlphabetic function in rendering/RenderListMarker↗2022-05-13

▶

📋Vendor Advisories

Red Hat

WebKit: off-by-one memory read out of bounds vulnerability in handling of HTML lists↗2010-06-07

▶

Red Hat

webkitgtk: Memory corruption by rendering the list item's marker↗2010-05-24

▶

💬Community

Bugzilla

Please update to webkitgtk-1.2.3↗2010-07-18

▶

Bugzilla

update webkitgtk to 1.2.3↗2010-07-16

▶

Bugzilla

CVE-2010-2304 webkitgtk: Memory corruption by rendering the list item's marker↗2010-06-21

▶

Bugzilla

CVE-2010-1773 webkitgtk: Memory corruption by rendering the list item's marker [fedora-12]↗2010-06-21

▶

Bugzilla

CVE-2010-1772 CVE-2010-1773 webkitgtk various flaws [fedora-all]↗2010-06-21

▶