PT-2017-3232 · Google+4 · Google Chrome+5

Publicado

2017-06-05

Atualizado

2024-06-15

CVE-2017-5071

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59.0.3071.86 for Linux, Windows and Mac Google Chrome versions prior to 59.0.3071.92 for Android

Description The issue exists due to insufficient validation of untrusted input in V8. A remote attacker can perform an out of bounds memory read via a crafted HTML page. This allows the attacker to read memory contents beyond boundaries using a specially formed HTML page.

Recommendations For versions prior to 59.0.3071.86 for Linux, Windows and Mac, update to version 59.0.3071.86 or later. For versions prior to 59.0.3071.92 for Android, update to version 59.0.3071.92 or later. As a temporary workaround, consider restricting access to untrusted HTML pages until a patch is available.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-1713

BDU:2017-02666

CVE-2017-5071

MGASA-2017-0317

OPENSUSE-SU-2017:1501-1

OPENSUSE-SU-2017:1502-1

OPENSUSE-SU-2017_1502-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2017:1399

RHSA-2017_1399

Produtos afetados

Alt Linux

Google Chrome

Opera

Red Hat

Suse

PT-2017-3232 · Google+4 · Google Chrome+5

CVE-2017-5071

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2342