CVE-2017-5000
published 2017-07-07CVE-2017-5000: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low…
PriorityP418medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
EPSS
1.30%
66.8th percentile
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pp96-q9wp-6pjg: EMC RSA Archer 5
ghsa_unreviewed·2022-05-17
CVE-2017-5000 [MEDIUM] CWE-200 GHSA-pp96-q9wp-6pjg: EMC RSA Archer 5
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
Cisco
Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
vendor_cisco·2017-08-16·CVSS 6.4
CVE-2017-6773 [MEDIUM] CWE-20 Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system.
The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.clou
Cisco
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
vendor_cisco·2017-08-16·CVSS 5.7
CVE-2017-6775 [MEDIUM] CWE-264 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges.
The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/secur
Cisco
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
vendor_cisco·2017-08-16·CVSS 4.1
CVE-2017-6774 [MEDIUM] CWE-264 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files.
The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2017081
Cisco
Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
vendor_cisco·2017-07-19·CVSS 5.8
CVE-2017-6612 [MEDIUM] CWE-119 Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device.
The vulnerability exists because the affected device does not sufficiently validate HTTP traffic that contains one or more packets with additional bytes at the end of the packet. An attacker could exploit this vulnerability by changing the properties of a payload in HTTP traffic that is sent to an affected device. A successful exploit could allow the attacker to pipeline requests through an affected device without verifying and accounting for the requests.
There are no workarounds that address
Cisco
Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
vendor_cisco·2017-07-19·CVSS 5.3
CVE-2017-6672 [MEDIUM] CWE-264 Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device.
The vulnerability exists because the affected device fails to inspect and match certain traffic that meets the criteria defined in ACL rules configured for the device. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to bypass certain sets of rules defined in ACLs for the affected device.
There are no workarounds that address this vulnerability.
Cisco
Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
vendor_cisco·2017-07-05·CVSS 5.8
CVE-2017-6729 [MEDIUM] CWE-399 Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition.
The vulnerability is due to improper boundary controls for the BGP peering sessions list. An attacker could exploit this vulnerability by sending crafted TCP packets to an IPv4 or IPv6 interface on an affected system, if BGP is enabled for the system. By default, BGP is not enabled on the affected systems.
There are no workarounds that address this vulnerability.
Cisco
Cisco StarOS CLI Command Injection Vulnerability
vendor_cisco·2017-07-05·CVSS 8.2
CVE-2017-6707 [HIGH] CWE-78 Cisco StarOS CLI Command Injection Vulnerability
Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system.
The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. A successful exploit could allow the attacker to break from the StarOS CLI and execute arbitra
Cisco
Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
vendor_cisco·2017-06-21·CVSS 5.8
CVE-2017-3865 [MEDIUM] CWE-399 Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition.
The vulnerability is due to improper processing of Internet Key Exchange (IKE) messages. An attacker could exploit this vulnerability by sending crafted IKE messages toward an affected router. An exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of the ipsecmgr service could result in all IPsec VPN tunnels being terminated and prevent new tunnels from being established until the service has restarted
Cisco
Cisco StarOS Arbitrary File Modification Vulnerability
vendor_cisco·2017-06-07·CVSS 4.1
CVE-2017-6690 [MEDIUM] CWE-264 Cisco StarOS Arbitrary File Modification Vulnerability
Cisco StarOS Arbitrary File Modification Vulnerability
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system.
The vulnerability is due to insufficient input validation by the affected operating system. An attacker could exploit this vulnerability by sending crafted command-line requests to an affected system. A successful exploit could allow the attacker to overwrite or modify arbitrary files on the affected system.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor
Cisco
Cisco StarOS SSH Privilege Escalation Vulnerability
vendor_cisco·2017-03-15·CVSS 8.8
CVE-2017-3819 [HIGH] CWE-264 Cisco StarOS SSH Privilege Escalation Vulnerability
Cisco StarOS SSH Privilege Escalation Vulnerability
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access.
The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulner
Cisco
Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
vendor_cisco·2017-01-18·CVSS 5.8
CVE-2017-3804 [MEDIUM] CWE-399 Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.
The vulnerability is due to improper processing of crafted IS-IS protocol packets. An attacker could exploit this vulnerability by sending a crafted IS-IS protocol packet over an established adjacency. An exploit could allow the attacker to cause a reload of the affected device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/cen
Cisco
Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6729 Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
CVE-2017-6729: Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper boundary controls for the BGP peering sessions list. An attacker could exploit this vulnerability by sending crafted TCP packets to an IPv4 or IPv6 interface on an affected system, if BGP is enabled for the system. By default, BGP is not enabled on the affected systems. There are no
CVSS: 3.0
CWE: CWE-399, CWE-399
B
Cisco
Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6773 Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
CVE-2017-6773: Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. There are no
CVSS: 3.0
CWE: CWE-20, CWE-20
Bug IDs: CSCvd47722
Cisco
Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6612 Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
CVE-2017-6612: Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. The vulnerability exists because the affected device does not sufficiently validate HTTP traffic that contains one or more packets with additional bytes at the end of the packet. An attacker could exploit this vulnerability by changing the properties of a payload in HTTP traffic that is sent to an affected device. A successful exploit could allow the attacker to pipeline requests through an affected device without verifying and accounting for the requests. There are no
CVSS: 3.0
CWE
Cisco
Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6672 Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
CVE-2017-6672: Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. The vulnerability exists because the affected device fails to inspect and match certain traffic that meets the criteria defined in ACL rules configured for the device. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to bypass certain sets of rules defined in ACLs for the affected device. There are no
CVSS: 3.0
CWE: CWE-264, CWE-264
Cisco
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6774 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
CVE-2017-6774: Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. There are no
CVSS: 3.0
CWE: CWE-264, CWE-264
Bug IDs: CSCvd47739
Cisco
Cisco StarOS Arbitrary File Modification Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6690 Cisco StarOS Arbitrary File Modification Vulnerability
CVE-2017-6690: Cisco StarOS Arbitrary File Modification Vulnerability
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. The vulnerability is due to insufficient input validation by the affected operating system. An attacker could exploit this vulnerability by sending crafted command-line requests to an affected system. A successful exploit could allow the attacker to overwrite or modify arbitrary files on the affected system. There are no
CVSS: 3.0
CWE: CWE-264, CWE-264
Bug IDs: CSCvd73726
Cisco
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6775 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
CVE-2017-6775: Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. There are no
CVSS: 3.0
CWE: CWE-264, CWE-264
Bug IDs: CSCvd47741
Cisco
Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-3865 Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
CVE-2017-3865: Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of Internet Key Exchange (IKE) messages. An attacker could exploit this vulnerability by sending crafted IKE messages toward an affected router. An exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of the ipsecmgr service could result in all IPsec VPN tunnels being terminated and prevent new tunnels from being established until the service
Cisco
Cisco StarOS CLI Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6707 Cisco StarOS CLI Command Injection Vulnerability
CVE-2017-6707: Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. A successful exploit could allow the attacker to break from the StarOS CLI and ex
Cisco
Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-3804 Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
CVE-2017-3804: Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of crafted IS-IS protocol packets. An attacker could exploit this vulnerability by sending a crafted IS-IS protocol packet over an established adjacency. An exploit could allow the attacker to cause a reload of the affected device. There are no
CVSS: 3.0
CWE: CWE-399, CWE-399
Bug IDs: CSCvc45002
Cisco
Cisco StarOS SSH Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-3819 Cisco StarOS SSH Privilege Escalation Vulnerability
CVE-2017-3819: Cisco StarOS SSH Privilege Escalation Vulnerability
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-6058 chromium-browser: use-after-free in flash
bugzilla·2018-03-07·CVSS 9.8
CVE-2018-6058 [CRITICAL] CVE-2018-6058 chromium-browser: use-after-free in flash
CVE-2018-6058 chromium-browser: use-after-free in flash
An use after free flaw was found in the Flash component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=758848
External References:
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1552502]
Affects: epel-7 [bug 1552504]
---
The Google blog post referenced in comment 0 was updated and no longer mentions this CVE. It now lists different CVE for this issue instead:
[$5000][758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
The CVE-2017-11215 is for Adobe Flash Player and it was previously covered by Adobe
Bugzilla
CVE-2018-6059 chromium-browser: use-after-free in flash
bugzilla·2018-03-07·CVSS 9.8
CVE-2018-6059 [CRITICAL] CVE-2018-6059 chromium-browser: use-after-free in flash
CVE-2018-6059 chromium-browser: use-after-free in flash
An use after free flaw was found in the Flash component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=758863
External References:
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1552502]
Affects: epel-7 [bug 1552504]
---
The Google blog post referenced in comment 0 was updated and no longer mentions this CVE. It now lists different CVE for this issue instead:
[$5000][758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
The CVE-2017-11225 is for Adobe Flash Player and it was previously covered by Adobe
2017-07-07
Published