CVE-2018-17480

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/106084	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3803	Third Party Advisory
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html	Vendor Advisory
https://crbug.com/905940	Exploit Issue Tracking
https://security.gentoo.org/glsa/201908-18	Third Party Advisory
https://www.debian.org/security/2018/dsa-4352	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-12-11 16:29

Updated : 2024-06-28 14:22

NVD link : CVE-2018-17480

Mitre link : CVE-2018-17480

CVE.ORG link : CVE-2018-17480

JSON object : View

Products Affected

redhat

enterprise_linux_server
enterprise_linux_desktop
enterprise_linux_workstation

google

chrome

debian

debian_linux

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-17480", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-12-11T16:29:00.623", "references": [{"url": "http://www.securityfocus.com/bid/106084", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "chrome-cve-admin@google.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3803", "tags": ["Third Party Advisory"], "source": "chrome-cve-admin@google.com"}, {"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "tags": ["Vendor Advisory"], "source": "chrome-cve-admin@google.com"}, {"url": "https://crbug.com/905940", "tags": ["Exploit", "Issue Tracking"], "source": "chrome-cve-admin@google.com"}, {"url": "https://security.gentoo.org/glsa/201908-18", "tags": ["Third Party Advisory"], "source": "chrome-cve-admin@google.com"}, {"url": "https://www.debian.org/security/2018/dsa-4352", "tags": ["Mailing List", "Third Party Advisory"], "source": "chrome-cve-admin@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}, {"lang": "es", "value": "Ejecuci\u00f3n de c\u00f3digo JavaScript proporcionado por el usuario durante una deserializaci\u00f3n de arrays, la cual provoca una escritura fuera de l\u00edmites en la versi\u00f3n \"V8\" de Google Chrome en versiones anteriores a la 71.0.3578.80, permit\u00eda a un atacante remoto ejecutar c\u00f3digo arbitrario dentro de un sandbox mediante una p\u00e1gina HTML manipulada."}], "lastModified": "2024-06-28T14:22:08.800", "cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEC84646-AE0E-403B-903F-35E2D073FDC9", "versionEndExcluding": "71.0.3578.80"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "chrome-cve-admin@google.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Google Chromium V8 Out-of-Bounds Write Vulnerability"}