CVE-2010-1823 - OpenCVE

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Safari Itunes
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:apple:itunes::::::::
	cpe:2.3:a:apple:safari::::::::

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=50250	Issue Tracking Patch Vendor Advisory
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html	Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html	Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List Third Party Advisory
http://secunia.com/advisories/43068	Third Party Advisory
http://support.apple.com/kb/HT4808	Third Party Advisory
http://support.apple.com/kb/HT4981	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212	Third Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=43055	Permissions Required
https://bugs.webkit.org/show_bug.cgi?id=44533	Issue Tracking Patch Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2010-09-24T18:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-05-06T00:00:00

Link: CVE-2010-1823

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-09-24T19:00:04.357

Modified: 2020-07-31T19:20:46.327

Link: CVE-2010-1823

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43068"}, {"name": "oval:org.mitre.oval:def:7405", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4981"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "APPLE-SA-2011-10-11-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4808"}, {"name": "APPLE-SA-2011-07-20-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=50250"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-1823", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068"}, {"name": "oval:org.mitre.oval:def:7405", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"}, {"name": "http://support.apple.com/kb/HT4981", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4981"}, {"name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "APPLE-SA-2011-10-11-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"}, {"name": "https://bugs.webkit.org/show_bug.cgi?id=44533", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"}, {"name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"}, {"name": "https://bugs.webkit.org/show_bug.cgi?id=43055", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"}, {"name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "http://support.apple.com/kb/HT4808", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4808"}, {"name": "APPLE-SA-2011-07-20-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"}, {"name": "http://code.google.com/p/chromium/issues/detail?id=50250", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=50250"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-1823", "datePublished": "2010-09-24T18:00:00", "dateReserved": "2010-05-06T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "083D2BC1-C013-4B03-B295-F8131B5AB162", "versionEndExcluding": "6.0.472.59", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFDEF0C6-55A8-4240-AFFC-D3FC70F82F1D", "versionEndExcluding": "10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA42DFF0-41FC-4ADA-8F10-F18B32BA66C0", "versionEndExcluding": "5.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."}, {"lang": "es", "value": "Vulnerabilidad de usar despu\u00e9s de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chrome en versiones anteriores a la v6.0.472.59, permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente provocar otros da\u00f1os a trav\u00e9s de vectores de ataque que provocan el uso de las APIs document tal como document.close durante el parseo, como se ha demostrado por un fichero de hojas de estilo en cascada (CSS) referenciando un \"font\" SVG, tambi\u00e9n conocido como problema rdar 8442098."}], "id": "CVE-2010-1823", "lastModified": "2020-07-31T19:20:46.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-09-24T19:00:04.357", "references": [{"source": "product-security@apple.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://code.google.com/p/chromium/issues/detail?id=50250"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43068"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4808"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4981"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"source": "product-security@apple.com", "tags": ["Permissions Required"], "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"}, {"source": "product-security@apple.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}