CVE-2015-1252 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 20.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux

Timeline

PublishedMay 20

Latest updateMay 17

Description

common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome42.0.2311.152

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-9qfw-82fr-g926: common/partial_circular_buffer↗2022-05-17

▶

OSV

CVE-2015-1252: common/partial_circular_buffer↗2015-05-20

▶

📋Vendor Advisories

Red Hat

chromium-browser: Sandbox escape in Chrome.↗2015-05-19

▶

💬Community

Bugzilla

CVE-2015-1252 chromium-browser: Sandbox escape in Chrome.↗2015-05-20

▶