CVE-2017-5009Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
8.8HIGHNVD
OSV6.1
EPSS
0.8%
top 25.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedFeb 17
Latest updateMay 14

Description

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDgoogle/chrome55.0.2883.87

🔴Vulnerability Details

3
GHSA
GHSA-vv5v-9gpc-2m82: WebRTC in Google Chrome prior to 562022-05-14
OSV
oxide-qt vulnerabilities2017-02-08
OSV
CVE-2017-5009: WebRTC in Google Chrome prior to 562017-01-27

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2017-02-08
Red Hat
chromium-browser: out of bounds memory access in webrtc2017-01-25

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]2017-01-26
Bugzilla
CVE-2017-5009 chromium-browser: out of bounds memory access in webrtc2017-01-26