CVE-2017-5052 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedOct 27

Latest updateMay 13

Description

An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDgoogle/chrome< 57.0.2987.133+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-r5q6-cwh6-gh94: An incorrect assumption about block structure in Blink in Google Chrome prior to 57↗2022-05-13

▶

OSV

CVE-2017-5052: An incorrect assumption about block structure in Blink in Google Chrome prior to 57↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: bad cast in blink↗2017-03-29

▶

💬Community

Bugzilla

CVE-2017-5052 chromium-browser: bad cast in blink↗2017-03-30

▶

Bugzilla

CVE-2017-5052 CVE-2017-5053 CVE-2017-5054 CVE-2017-5055 CVE-2017-5056 chromium: various flaws [fedora-all]↗2017-03-30

▶