CVE-2017-3202
Published 2018-06-11
Priority P2 · 60
CVSS 3.0: 9.8 critical (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 8.21% (94.2th percentile)
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.
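Whether this flaw is exploitable on a given server depends on which classes the deserializer can be made to instantiate, so the first control a practitioner wants is the ability to see, before deserialization, every class alias an incoming AMF3 message asks for and to refuse anything outside an allowlist. The Python walker below is an added example written for this page; it is not Exadel's or Flamingo's code and it does not model how Flamingo maps an alias to a Java class. It follows the public AMF3 encoding (U29 integers, the string and traits reference tables, sealed and dynamic members, externalizable objects) and reports the aliases a deserializer would instantiate; the class names, sample payloads and allowlist are constructed for the demonstration.

```python
"""AMF3 pre-deserialization inspector (added example, not Exadel/Flamingo code). Collects the class
aliases an AMF3 deserializer would instantiate so non-allowlisted typed objects can be rejected first."""
import contextlib

UNDEFINED, NULL, FALSE, TRUE, INTEGER, DOUBLE, STRING = range(0x00, 0x07)  # AMF3 type markers
XML_DOC, DATE, ARRAY, OBJECT, XML, BYTE_ARRAY = range(0x07, 0x0D)

class _OpaqueTail(Exception):
    pass  # externalizable object reached: its body is class-defined, so the walk must stop

class Amf3Reader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
        self.strings, self.traits = [], []      # AMF3 string and traits reference tables
        self.class_names, self.opaque = [], False

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated AMF3 payload")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u29(self) -> int:  # up to three 7-bit groups with a continuation bit, then one full byte
        value = 0
        for _ in range(3):
            b = self.take(1)[0]
            value = (value << 7) | (b & 0x7F)
            if not b & 0x80:
                return value
        return (value << 8) | self.take(1)[0]

    def string(self) -> str:
        ref = self.u29()
        if not ref & 1:                         # low bit 0: index into the string table
            return self.strings[ref >> 1]
        s = self.take(ref >> 1).decode("utf-8")
        if s:                                   # the empty string is never added to the table
            self.strings.append(s)
        return s

    def value(self) -> None:
        m = self.take(1)[0]
        if m == INTEGER:
            self.u29()
        elif m == DOUBLE:
            self.take(8)
        elif m == STRING:
            self.string()
        elif m in (DATE, XML_DOC, XML, BYTE_ARRAY):
            ref = self.u29()                    # low bit 0: object reference; 1: inline body
            if ref & 1:
                self.take(8 if m == DATE else ref >> 1)
        elif m == ARRAY:
            ref = self.u29()
            if ref & 1:
                while self.string():            # associative part ends with the empty key
                    self.value()
                for _ in range(ref >> 1):       # then the dense part
                    self.value()
        elif m == OBJECT:
            self.typed_object()
        elif m not in (UNDEFINED, NULL, FALSE, TRUE):   # those four are marker-only
            raise ValueError(f"unknown AMF3 marker 0x{m:02x} at offset {self.pos - 1}")

    def typed_object(self) -> None:
        ref = self.u29()
        if not ref & 1:                         # reference to an earlier object
            return
        if ref & 0b11 == 0b01:                  # reference to earlier traits
            dynamic, members = self.traits[ref >> 2]
        else:
            self.class_names.append(self.string())   # the alias the deserializer instantiates
            if ref & 0b111 == 0b111:            # externalizable: class-defined byte layout follows
                self.opaque = True
                raise _OpaqueTail()
            dynamic, members = bool(ref & 0b1000), [self.string() for _ in range(ref >> 4)]
            self.traits.append((dynamic, members))
        for _ in members:                       # each sealed value becomes a setter call
            self.value()
        if dynamic:                             # dynamic members: key/value pairs until empty key
            while self.string():
                self.value()

def typed_classes(payload: bytes):
    """Return (aliases in order seen, True if the walk stopped at externalizable data)."""
    r = Amf3Reader(payload)
    with contextlib.suppress(_OpaqueTail):
        r.value()
    return r.class_names, r.opaque

def disallowed_classes(payload: bytes, allowed) -> list:  # anonymous objects (alias "") pass
    return sorted({n for n in typed_classes(payload)[0] if n and n not in allowed})

# Constructed sample: an expected DTO whose "attachment" member carries an unexpected typed object.
SAMPLE_PAYLOAD = (
    b"\x0a\x23\x23com.example.Order"            # object marker, inline traits (2 sealed), alias
    b"\x09note\x15attachment\x06\x13gift wrap"  # sealed member names, then "note" = string
    b"\x0a\x13\x35org.example.UnexpectedBean"   # "attachment" = nested typed object, 1 sealed member
    b"\x07url\x06\x2bhttp://198.51.100.7/x"
)
# Constructed sample: externalizable traits (0b111); everything after the alias is class-defined.
EXTERNALIZABLE_PAYLOAD = b"\x0a\x07\x3fcom.example.ExternalizableThing\x00\x01\x02"
```

Run `disallowed_classes(payload, allowed)` in front of the endpoint and drop the message when the list is non-empty. Two caveats follow from the format itself: an externalizable object's body is laid out by the class's own readExternal, so the walker records its alias and stops, and nothing after that point can be inspected; and a stream inspector is a compensating control, not a fix. The durable fix is for the deserializer to resolve aliases against an allowlist before invoking any constructor or setter, which cannot be done from outside the library.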
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| exadel | flamingo | not specified in feed | not specified in feed |
| exadel | flamingo_amf-serializer | not specified in feed | not specified in feed |
The feed carries no version data; the advisory text itself names amf-serializer version 2.2.0 as affected and does not name a fixed version.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Red Hat (vendor) | not stated | 9.8 | CRITICAL | not stated |
GHSA
ghsa · 2022-05-13
CVE-2017-3202 [CRITICAL] CWE-502 Deserialization of Untrusted Data in Flamingo amf-serializer
OSV
osv · 2022-05-13
CVE-2017-3202 [CRITICAL] Deserialization of Untrusted Data in Flamingo amf-serializer
No detection rules found.
No public exploits indexed.
References
- http://www.securityfocus.com/bid/97380
- http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution
- https://codewhitesec.blogspot.com/2017/04/amf.html
- https://www.kb.cert.org/vuls/id/307983