CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
googlechrome
𝑥
< 5.0.375.70
redhatenterprise_linux
6.0
canonicalubuntu_linux
9.10
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
opensuseopensuse
11.2
opensuseopensuse
11.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 6.0.472.62~r59676-0ubuntu0.10.04.1
released
karmic
dne
jaunty
dne
hardy
dne
dapper
dne
qt4-x11
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
not-affected
dapper
not-affected
webkit
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 1.2.5-0ubuntu0.10.04.1
released
karmic
Fixed 1.2.5-0ubuntu0.9.10.1
released
jaunty
ignored
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://code.google.com/p/chromium/issues/detail?id=44955
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40072
http://secunia.com/advisories/40557
http://secunia.com/advisories/41856
http://secunia.com/advisories/43068
http://trac.webkit.org/changeset/59950
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.securityfocus.com/bid/41575
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/1801
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
https://bugs.webkit.org/show_bug.cgi?id=39508
https://bugzilla.redhat.com/show_bug.cgi?id=596500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830
http://code.google.com/p/chromium/issues/detail?id=44955
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40072
http://secunia.com/advisories/40557
http://secunia.com/advisories/41856
http://secunia.com/advisories/43068
http://trac.webkit.org/changeset/59950
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.securityfocus.com/bid/41575
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/1801
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
https://bugs.webkit.org/show_bug.cgi?id=39508
https://bugzilla.redhat.com/show_bug.cgi?id=596500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830