CVE-2012-2864 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

10.0CRITICALNVD

EPSS

5.7%

top 9.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mesa3d Mesa Google Chrome OS

Timeline

PublishedAug 22

Latest updateMay 17

Description

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDgoogle/chrome_os33 versions+32

▶Debianmesa3d/mesa< 8.0.4-2+3

🔴Vulnerability Details

GHSA

GHSA-x65c-jcc2-69r6: Mesa, as used in Google Chrome before 21↗2022-05-17

▶

OSV

CVE-2012-2864: Mesa, as used in Google Chrome before 21↗2012-08-22

▶

CVEList

CVE-2012-2864: Mesa, as used in Google Chrome before 21↗2012-08-22

▶

📋Vendor Advisories

Ubuntu

Mesa vulnerability↗2012-11-05

▶

Red Hat

mesa: Arbitrary code execution via unspecified vectors related to 'array overflow'↗2012-08-21

▶

Debian

CVE-2012-2864: mesa - Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and ...↗2012

▶

💬Community

Bugzilla

CVE-2012-2864 mesa: Arbitrary code execution via unspecified vectors related to 'array overflow' [fedora-all]↗2012-08-23

▶

Bugzilla

CVE-2012-2864 mesa: Arbitrary code execution via unspecified vectors related to 'array overflow'↗2012-08-22

▶