Vulnerability Name:
CVE-2009-2556 (CCN-51802)
Assigned:
2009-07-16
Published:
2009-07-16
Updated:
2017-08-17
Summary:
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
CVSS v3 Severity:
5.6 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
5.1 Medium
(CCN CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
3.8 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-119
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2009-2556
Source: CCN
Type: Google Chrome Releases Blog
Stable, Beta update: Bug fixes
Source: CONFIRM
Type: Vendor Advisory
http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html
Source: CCN
Type: SA35844
Google Chrome JavaScript Regular Expressions Memory Corruption
Source: SECUNIA
Type: Vendor Advisory
35844
Source: CCN
Type: Google Chrome Web site
Google Chrome
Source: CCN
Type: OSVDB ID: 56245
Google Chrome Renderer Access "Excessive Memory Allocation" Unspecified Memory Corruption
Source: BID
Type: UNKNOWN
35723
Source: CCN
Type: BID-35723
Google Chrome Privilege Escalation Weakness
Source: VUPEN
Type: Vendor Advisory
ADV-2009-1924
Source: XF
Type: UNKNOWN
googlechrome-buffers-code-execution(51802)
Source: XF
Type: UNKNOWN
googlechrome-buffers-code-execution(51802)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.172:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:*:*:*:*:*:*:*:*
(Version <= 2.0.172.33)
Configuration CCN 1
:
cpe:/a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
OR
cpe:/a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
google
chrome 0.2.149.29
google
chrome 0.2.149.30
google
chrome 0.2.152.1
google
chrome 0.2.153.1
google
chrome 0.3.154.0
google
chrome 0.3.154.3
google
chrome 0.4.154.18
google
chrome 0.4.154.22
google
chrome 0.4.154.31
google
chrome 0.4.154.33
google
chrome 1.0.154.36
google
chrome 1.0.154.39
google
chrome 1.0.154.42
google
chrome 1.0.154.43
google
chrome 1.0.154.46
google
chrome 1.0.154.48
google
chrome 1.0.154.52
google
chrome 1.0.154.53
google
chrome 1.0.154.59
google
chrome 2.0.156.1
google
chrome 2.0.157.0
google
chrome 2.0.157.2
google
chrome 2.0.158.0
google
chrome 2.0.159.0
google
chrome 2.0.172
google
chrome 2.0.172.30
google
chrome 2.0.172.31
google
chrome *
google
chrome 0.2.149.27
google
chrome 0.2.149.29
google
chrome 0.2.149.30
google
chrome 1.0.154.36
google
chrome 1.0.154.43
google
chrome 1.0.154.42
google
chrome 1.0.154.39
google
chrome 0.4.154.33
google
chrome 0.4.154.31
google
chrome 0.4.154.22
google
chrome 0.4.154.18
google
chrome 0.3.154.3
google
chrome 0.3.154.0
google
chrome 0.2.153.1
google
chrome 0.2.152.1
google
chrome 1.0.154.53
google
chrome 2.0.157.0
google
chrome 2.0.157.2
google
chrome 2.0.156.1
google
chrome 2.0.158.0
google
chrome 2.0.159.0
google
chrome 1.0.154.46
google
chrome 1.0.154.59
google
chrome 1.0.154.48
google
chrome 1.0.154.64
google
chrome 1.0.154.65
google
chrome 2.0.172.30
google
chrome 1.0.154.52
google
chrome 2.0.172.31
google
chrome 2.0.172.33