CVE-2011-1465 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 37.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedMar 20

Latest updateMay 13

Description

The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome< 11.0.696.14

Patches

Patch: code.google.com ↗Patch: src.chromium.org ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-jvpm-2pmv-qc23: The SPDY implementation in net/http/http_network_transaction↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Netmechanica NetDecision HTTP Server - Denial of Service↗2012-02-29

▶

📋Vendor Advisories

Red Hat

kernel: cifs: signedness issue in CIFSFindNext()↗2011-08-23

▶

Red Hat

kernel: net: improve sequence number generation↗2011-08-07

▶

Red Hat

kernel: perf tools: may parse user-controlled configuration file↗2011-08-07

▶

Red Hat

kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message↗2011-07-28

▶

Red Hat

kernel: taskstats io infoleak↗2011-06-21

▶

💬Community

Bugzilla

CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops↗2011-04-13

▶