Vulnerability-Lookup

CVE-2019-5798 (GCVE-0-2019-5798)

Vulnerability from cvelistv5 – Published: 2019-05-23 19:17 – Updated: 2024-08-04 20:09

Summary

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Out of bounds read

Assigner

Chrome

References

13 references

URL	Tags
https://chromereleases.googleblog.com/2019/03/sta…	x_refsource_MISC
https://crbug.com/883596	x_refsource_MISC
https://www.debian.org/security/2019/dsa-4451	vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/67	mailing-listx_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/3997-1/	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:1310	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1309	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: prior to 73.0.3683.75

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:22.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/883596"
          },
          {
            "name": "DSA-4451",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4451"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/67"
          },
          {
            "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
          },
          {
            "name": "USN-3997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3997-1/"
          },
          {
            "name": "openSUSE-SU-2019:1484",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
          },
          {
            "name": "RHSA-2019:1310",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1310"
          },
          {
            "name": "RHSA-2019:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1308"
          },
          {
            "name": "RHSA-2019:1309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1309"
          },
          {
            "name": "openSUSE-SU-2019:1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
          },
          {
            "name": "openSUSE-SU-2019:1664",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
          },
          {
            "name": "openSUSE-SU-2019:1666",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 73.0.3683.75"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-28T17:06:06.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/883596"
        },
        {
          "name": "DSA-4451",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4451"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/67"
        },
        {
          "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
        },
        {
          "name": "USN-3997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3997-1/"
        },
        {
          "name": "openSUSE-SU-2019:1484",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
        },
        {
          "name": "RHSA-2019:1310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1310"
        },
        {
          "name": "RHSA-2019:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1308"
        },
        {
          "name": "RHSA-2019:1309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1309"
        },
        {
          "name": "openSUSE-SU-2019:1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
        },
        {
          "name": "openSUSE-SU-2019:1664",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
        },
        {
          "name": "openSUSE-SU-2019:1666",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2019-5798",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 73.0.3683.75"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out of bounds read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
            },
            {
              "name": "https://crbug.com/883596",
              "refsource": "MISC",
              "url": "https://crbug.com/883596"
            },
            {
              "name": "DSA-4451",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4451"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/67"
            },
            {
              "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
            },
            {
              "name": "USN-3997-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3997-1/"
            },
            {
              "name": "openSUSE-SU-2019:1484",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
            },
            {
              "name": "RHSA-2019:1310",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1310"
            },
            {
              "name": "RHSA-2019:1308",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1308"
            },
            {
              "name": "RHSA-2019:1309",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1309"
            },
            {
              "name": "openSUSE-SU-2019:1534",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
            },
            {
              "name": "openSUSE-SU-2019:1664",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
            },
            {
              "name": "openSUSE-SU-2019:1666",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2019-5798",
    "datePublished": "2019-05-23T19:17:29.000Z",
    "dateReserved": "2019-01-09T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:09:22.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-5798",
      "date": "2026-05-20",
      "epss": "0.01235",
      "percentile": "0.79421"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"73.0.3683.75\", \"matchCriteriaId\": \"EA174888-9FEB-4029-8E0D-D6CFCF1A74F6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"La falta de comprobaci\\u00f3n de l\\u00edmites correcta en Skia en Google Chrome antes de la versi\\u00f3n 73.0.3683.75, permiti\\u00f3 que un atacante remoto ejecutara una lectura de memoria fuera de l\\u00edmites por medio de una p\\u00e1gina HTML creada.\"}]",
      "id": "CVE-2019-5798",
      "lastModified": "2024-11-21T04:45:30.940",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-05-23T20:29:01.047",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/883596\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/883596\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5798\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-05-23T20:29:01.047\",\"lastModified\":\"2024-11-21T04:45:30.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"La falta de comprobaci\u00f3n de l\u00edmites correcta en Skia en Google Chrome antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara una lectura de memoria fuera de l\u00edmites por medio de una p\u00e1gina HTML creada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"73.0.3683.75\",\"matchCriteriaId\":\"EA174888-9FEB-4029-8E0D-D6CFCF1A74F6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/883596\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/883596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2019-AVI-099

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Chrome versions antérieures à 73.0.3683.75

References

Title

Publication Time

Tags

Bulletin de sécurité Chrome du 12 mars 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Chrome versions ant\u00e9rieures \u00e0 73.0.3683.75",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5804"
    },
    {
      "name": "CVE-2019-5799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5799"
    },
    {
      "name": "CVE-2019-5797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5797"
    },
    {
      "name": "CVE-2019-5800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5800"
    },
    {
      "name": "CVE-2019-5801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5801"
    },
    {
      "name": "CVE-2019-5788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5788"
    },
    {
      "name": "CVE-2019-5792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5792"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-5787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5787"
    },
    {
      "name": "CVE-2019-5796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5796"
    },
    {
      "name": "CVE-2019-5791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5791"
    },
    {
      "name": "CVE-2019-5803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5803"
    },
    {
      "name": "CVE-2019-5802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5802"
    },
    {
      "name": "CVE-2019-5790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5790"
    },
    {
      "name": "CVE-2019-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5795"
    },
    {
      "name": "CVE-2019-5794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5794"
    },
    {
      "name": "CVE-2019-5789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5789"
    },
    {
      "name": "CVE-2019-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5793"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-099",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Chrome. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Chrome du 12 mars 2019",
      "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
    }
  ]
}

CERTFR-2019-AVI-236

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 67
	Mozilla	Firefox	Firefox ESR versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-13 du 21 mai 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-14 du 21 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 67",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-11701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11701"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2019-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11697"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9814"
    },
    {
      "name": "CVE-2019-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11695"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-11699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11699"
    },
    {
      "name": "CVE-2019-11700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11700"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11696"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    },
    {
      "name": "CVE-2019-9821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9821"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-236",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-13 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-14 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
    }
  ]
}

CERTFR-2019-AVI-237

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-15 du 21 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-237",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-15 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/"
    }
  ]
}

CERTFR-2019-AVI-099

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Chrome versions antérieures à 73.0.3683.75

References

Title

Publication Time

Tags

Bulletin de sécurité Chrome du 12 mars 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Chrome versions ant\u00e9rieures \u00e0 73.0.3683.75",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5804"
    },
    {
      "name": "CVE-2019-5799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5799"
    },
    {
      "name": "CVE-2019-5797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5797"
    },
    {
      "name": "CVE-2019-5800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5800"
    },
    {
      "name": "CVE-2019-5801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5801"
    },
    {
      "name": "CVE-2019-5788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5788"
    },
    {
      "name": "CVE-2019-5792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5792"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-5787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5787"
    },
    {
      "name": "CVE-2019-5796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5796"
    },
    {
      "name": "CVE-2019-5791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5791"
    },
    {
      "name": "CVE-2019-5803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5803"
    },
    {
      "name": "CVE-2019-5802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5802"
    },
    {
      "name": "CVE-2019-5790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5790"
    },
    {
      "name": "CVE-2019-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5795"
    },
    {
      "name": "CVE-2019-5794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5794"
    },
    {
      "name": "CVE-2019-5789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5789"
    },
    {
      "name": "CVE-2019-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5793"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-099",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Chrome. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Chrome du 12 mars 2019",
      "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
    }
  ]
}

CERTFR-2019-AVI-236

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 67
	Mozilla	Firefox	Firefox ESR versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-13 du 21 mai 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-14 du 21 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 67",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-11701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11701"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2019-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11697"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9814"
    },
    {
      "name": "CVE-2019-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11695"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-11699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11699"
    },
    {
      "name": "CVE-2019-11700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11700"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11696"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    },
    {
      "name": "CVE-2019-9821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9821"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-236",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-13 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-14 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
    }
  ]
}

CERTFR-2019-AVI-237

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-15 du 21 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-237",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-15 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/"
    }
  ]
}

BDU:2020-00687

Vulnerability from fstec - Published: 23.05.2019

Title

Уязвимость графической библиотеки Skia браузера Google Chrome, связанная с чтением за границами буфера данных, позволяющая нарушителю получить несанкционированный доступ к информации

Description

Уязвимость графической библиотеки Skia браузера Google Chrome связана с чтением за границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации через специально созданную HTML-страницу

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Google Inc, Mozilla Corp.

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Firefox ESR, Thunderbird

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), до 73.0.3683.75 (Google Chrome), до 60.7 (Firefox ESR), до 1:60.7.1-1 (Thunderbird)

Possible Mitigations

Использование рекомендаций производителя: Для chromium: Обновление программного обеспечения до 75.0.3770.90-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета chromium) до 73.0.3683.75-1~deb9u1 или более поздней версии Для Astra Linux: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186 Для программных продуктов Novell Inc. http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5798 https://security-tracker.debian.org/tracker/CVE-2019-5798 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 73.0.3683.75 (Google Chrome), \u0434\u043e 60.7 (Firefox ESR), \u0434\u043e 1:60.7.1-1 (Thunderbird)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f chromium:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 75.0.3770.90-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 chromium) \u0434\u043e 73.0.3683.75-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:1308\nhttps://access.redhat.com/errata/RHSA-2019:1309\nhttps://access.redhat.com/errata/RHSA-2019:1310",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.05.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.02.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00687",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-5798",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Firefox ESR, Thunderbird",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Skia \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Skia \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-5798\nhttps://security-tracker.debian.org/tracker/CVE-2019-5798\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\nhttps://access.redhat.com/errata/RHSA-2019:1308\nhttps://access.redhat.com/errata/RHSA-2019:1309\nhttps://access.redhat.com/errata/RHSA-2019:1310",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2019-23139

Vulnerability from cnvd - Published: 2019-07-17

Title

Google Chrome越界读取漏洞（CNVD-2019-23139）

Description

Chrome是由谷歌开发的一款Web浏览工具。 Google Chrome 73.0.3683.75之前版本中的Skia存在越界读取漏洞。攻击者可利用该漏洞通过精心设计的HTML页面执行越界内存读取。

Severity

中

Patch Name

Google Chrome越界读取漏洞（CNVD-2019-23139）的补丁

Patch Description

Chrome是由谷歌开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 73.0.3683.75之前版本中的Skia存在越界读取漏洞。攻击者可利用该漏洞通过精心设计的HTML页面执行越界内存读取。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.google.com/intl/zh-CN_ALL/chrome/

Reference

https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html

Impacted products

Name
Google, Inc. Chrome <73.0.3683.75

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5798"
    }
  },
  "description": "Chrome\u662f\u7531\u8c37\u6b4c\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5de5\u5177\u3002\n\nGoogle Chrome 73.0.3683.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684Skia\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTML\u9875\u9762\u6267\u884c\u8d8a\u754c\u5185\u5b58\u8bfb\u53d6\u3002",
  "discovererName": "security",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.google.com/intl/zh-CN_ALL/chrome/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-23139",
  "openTime": "2019-07-17",
  "patchDescription": "Chrome\u662f\u7531\u8c37\u6b4c\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\r\n\r\nGoogle Chrome 73.0.3683.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684Skia\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTML\u9875\u9762\u6267\u884c\u8d8a\u754c\u5185\u5b58\u8bfb\u53d6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2019-23139\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google, Inc. Chrome \u003c73.0.3683.75"
  },
  "referenceLink": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-13",
  "title": "Google Chrome\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2019-23139\uff09"
}

FKIE_CVE-2019-5798

Vulnerability from fkie_nvd - Published: 2019-05-23 20:29 - Updated: 2024-11-21 04:45

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

References

	URL	Tags
	chrome-cve-admin@google.com	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
	chrome-cve-admin@google.com	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
	chrome-cve-admin@google.com	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
	chrome-cve-admin@google.com	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
	chrome-cve-admin@google.com	https://access.redhat.com/errata/RHSA-2019:1308
	chrome-cve-admin@google.com	https://access.redhat.com/errata/RHSA-2019:1309
	chrome-cve-admin@google.com	https://access.redhat.com/errata/RHSA-2019:1310
	chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
	chrome-cve-admin@google.com	https://crbug.com/883596
	chrome-cve-admin@google.com	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
	chrome-cve-admin@google.com	https://seclists.org/bugtraq/2019/May/67
	chrome-cve-admin@google.com	https://usn.ubuntu.com/3997-1/
	chrome-cve-admin@google.com	https://www.debian.org/security/2019/dsa-4451
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
	af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1308
	af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1309
	af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1310
	af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
	af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/883596
	af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
	af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/67
	af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3997-1/
	af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4451

Impacted products

Vendor	Product	Version
google	chrome	*
debian	debian_linux	8.0
debian	debian_linux	9.0
suse	package_hub	-
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
canonical	ubuntu_linux	19.04
opensuse	backports	sle-15
opensuse	leap	15.0
opensuse	leap	15.1
opensuse	leap	42.3
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
              "versionEndExcluding": "73.0.3683.75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "La falta de comprobaci\u00f3n de l\u00edmites correcta en Skia en Google Chrome antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara una lectura de memoria fuera de l\u00edmites por medio de una p\u00e1gina HTML creada."
    }
  ],
  "id": "CVE-2019-5798",
  "lastModified": "2024-11-21T04:45:30.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T20:29:01.047",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://crbug.com/883596"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://usn.ubuntu.com/3997-1/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://crbug.com/883596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3997-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3R7C-93GC-73GW

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-10-11 19:00

Details

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-23T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
  "id": "GHSA-3r7c-93gc-73gw",
  "modified": "2022-10-11T19:00:48Z",
  "published": "2022-05-24T16:46:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5798"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/883596"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3997-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5798 (GCVE-0-2019-5798)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature