CVE-2017-5064 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.0%

top 23.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 27

Latest updateMay 14

Description

Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDgoogle/chrome< 58.0.3029.81

🔴Vulnerability Details

GHSA

GHSA-5xjr-4x2g-58cf: Incorrect handling of DOM changes in Blink in Google Chrome prior to 58↗2022-05-14

▶

OSV

CVE-2017-5064: Incorrect handling of DOM changes in Blink in Google Chrome prior to 58↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: use after free in blink↗2017-04-19

▶

💬Community

Bugzilla

CVE-2017-5064 chromium-browser: use after free in blink↗2017-04-20

▶

Bugzilla

CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069 chromium: various flaws [fedora-↗2017-04-20

▶