Vulnerability Name:

CVE-2009-2556 (CCN-51802)

Assigned:2009-07-16
Published:2009-07-16
Updated:2017-08-17
Summary:Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-2556

Source: CCN
Type: Google Chrome Releases Blog
Stable, Beta update: Bug fixes

Source: CONFIRM
Type: Vendor Advisory
http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html

Source: CCN
Type: SA35844
Google Chrome JavaScript Regular Expressions Memory Corruption

Source: SECUNIA
Type: Vendor Advisory
35844

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 56245
Google Chrome Renderer Access "Excessive Memory Allocation" Unspecified Memory Corruption

Source: BID
Type: UNKNOWN
35723

Source: CCN
Type: BID-35723
Google Chrome Privilege Escalation Weakness

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1924

Source: XF
Type: UNKNOWN
googlechrome-buffers-code-execution(51802)

Source: XF
Type: UNKNOWN
googlechrome-buffers-code-execution(51802)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.172:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version <= 2.0.172.33)

  • Configuration CCN 1:
  • cpe:/a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.172.33:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    google chrome 0.2.149.29
    google chrome 0.2.149.30
    google chrome 0.2.152.1
    google chrome 0.2.153.1
    google chrome 0.3.154.0
    google chrome 0.3.154.3
    google chrome 0.4.154.18
    google chrome 0.4.154.22
    google chrome 0.4.154.31
    google chrome 0.4.154.33
    google chrome 1.0.154.36
    google chrome 1.0.154.39
    google chrome 1.0.154.42
    google chrome 1.0.154.43
    google chrome 1.0.154.46
    google chrome 1.0.154.48
    google chrome 1.0.154.52
    google chrome 1.0.154.53
    google chrome 1.0.154.59
    google chrome 2.0.156.1
    google chrome 2.0.157.0
    google chrome 2.0.157.2
    google chrome 2.0.158.0
    google chrome 2.0.159.0
    google chrome 2.0.172
    google chrome 2.0.172.30
    google chrome 2.0.172.31
    google chrome *
    google chrome 0.2.149.27
    google chrome 0.2.149.29
    google chrome 0.2.149.30
    google chrome 1.0.154.36
    google chrome 1.0.154.43
    google chrome 1.0.154.42
    google chrome 1.0.154.39
    google chrome 0.4.154.33
    google chrome 0.4.154.31
    google chrome 0.4.154.22
    google chrome 0.4.154.18
    google chrome 0.3.154.3
    google chrome 0.3.154.0
    google chrome 0.2.153.1
    google chrome 0.2.152.1
    google chrome 1.0.154.53
    google chrome 2.0.157.0
    google chrome 2.0.157.2
    google chrome 2.0.156.1
    google chrome 2.0.158.0
    google chrome 2.0.159.0
    google chrome 1.0.154.46
    google chrome 1.0.154.59
    google chrome 1.0.154.48
    google chrome 1.0.154.64
    google chrome 1.0.154.65
    google chrome 2.0.172.30
    google chrome 1.0.154.52
    google chrome 2.0.172.31
    google chrome 2.0.172.33