FKIE_CVE-2011-3909

Vulnerability from fkie_nvd - Published: 2011-12-13 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
References
chrome-cve-admin@google.comhttp://code.google.com/p/chromium/issues/detail?id=101010
chrome-cve-admin@google.comhttp://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
chrome-cve-admin@google.comhttp://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
chrome-cve-admin@google.comhttp://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
chrome-cve-admin@google.comhttp://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
chrome-cve-admin@google.comhttp://secunia.com/advisories/48274
chrome-cve-admin@google.comhttp://secunia.com/advisories/48288
chrome-cve-admin@google.comhttp://secunia.com/advisories/48377
chrome-cve-admin@google.comhttp://www.securitytracker.com/id?1026774
chrome-cve-admin@google.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73808
chrome-cve-admin@google.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/chromium/issues/detail?id=101010
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48274
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48288
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48377
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026774
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/73808
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579
Impacted products
Vendor Product Version
google chrome *
apple itunes *
apple safari *
apple iphone_os *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBDEF161-338F-4B15-913C-12D20BB0F7D2",
              "versionEndExcluding": "16.0.912.63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2DCF16-0EEA-40BD-9855-CC08F58A2CEF",
              "versionEndExcluding": "10.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE4C7C6-8958-4FF7-9338-D59D325E29FC",
              "versionEndExcluding": "5.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B150860-FC76-4DDC-9FEE-BC5D96D08751",
              "versionEndExcluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de las Hojas de Estilo en Cascada (CSS) en Google Chrome antes de v16.0.912.63 en las plataformas de 64 bits no maneja correctamente los arrays de propiedades, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2011-3909",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-13T21:55:01.357",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://code.google.com/p/chromium/issues/detail?id=101010"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/48274"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/48288"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/48377"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securitytracker.com/id?1026774"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73808"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/chromium/issues/detail?id=101010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.