CVE-2011-3045 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
google	chrome	𝑥 < 17.0.963.83
redhat	gluster_storage	2.0
redhat	storage	2.0
redhat	storage_for_public_cloud	2.0
debian	debian_linux	6.0
opensuse	opensuse	12.1
redhat	enterprise_linux	5.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server_aus	6.2
redhat	enterprise_linux_server_eus	6.2
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0
libpng	libpng	𝑥 < 1.5.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
hardy	dne

firefox

precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	ignored
lucid	not-affected
hardy	ignored

libpng

precise	Fixed 1.2.46-3ubuntu3 released
oneiric	Fixed 1.2.46-3ubuntu1.2 released
natty	Fixed 1.2.44-1ubuntu3.3 released
maverick	Fixed 1.2.44-1ubuntu0.3 released
lucid	Fixed 1.2.42-1ubuntu2.4 released
hardy	Fixed 1.2.15~beta5-3ubuntu0.6 released

thunderbird

precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	ignored
lucid	not-affected
hardy	ignored

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
CWE-195 - Signed to Unsigned Conversion Error
The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

References

http://code.google.com/p/chromium/issues/detail?id=116162

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html

http://rhn.redhat.com/errata/RHSA-2012-0407.html

http://rhn.redhat.com/errata/RHSA-2012-0488.html

http://secunia.com/advisories/48320

http://secunia.com/advisories/48485

http://secunia.com/advisories/48512

http://secunia.com/advisories/48554

http://secunia.com/advisories/49660

http://security.gentoo.org/glsa/glsa-201206-15.xml

http://src.chromium.org/viewvc/chrome?view=rev&revision=125311

http://www.debian.org/security/2012/dsa-2439

http://www.mandriva.com/security/advisories?name=MDVSA-2012:033

http://www.securitytracker.com/id?1026823

https://bugzilla.redhat.com/show_bug.cgi?id=799000

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763

http://code.google.com/p/chromium/issues/detail?id=116162

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html

http://rhn.redhat.com/errata/RHSA-2012-0407.html

http://rhn.redhat.com/errata/RHSA-2012-0488.html

http://secunia.com/advisories/48320

http://secunia.com/advisories/48485

http://secunia.com/advisories/48512

http://secunia.com/advisories/48554

http://secunia.com/advisories/49660

http://security.gentoo.org/glsa/glsa-201206-15.xml

http://src.chromium.org/viewvc/chrome?view=rev&revision=125311

http://www.debian.org/security/2012/dsa-2439

http://www.mandriva.com/security/advisories?name=MDVSA-2012:033

http://www.securitytracker.com/id?1026823

https://bugzilla.redhat.com/show_bug.cgi?id=799000

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763