| Vulnerability Name: | CVE-2011-2601 (CCN-68468) | ||||||||
| Assigned: | 2011-05-11 | ||||||||
| Published: | 2011-05-11 | ||||||||
| Updated: | 2011-07-12 | ||||||||
| Summary: | The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2011-2601 Source: CCN Type: Apple Web site Apple Mac OS X Source: CCN Type: Context Web site WebGL - A New Dimension for Browser Exploitation Source: MISC Type: Exploit http://www.contextis.com/resources/blog/webgl/ Source: CCN Type: OSVDB ID: 75196 Mac OS X GPU Support Functionality Unspecified Page Handling DoS Source: XF Type: UNKNOWN macos-gpu-dos(68468) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||