CVE-2015-1228 - OpenCVE

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome
Redhat	Enterprise Linux Workstation Supplementary Enterprise Linux Server Supplementary Eus Enterprise Linux Server Enterprise Linux Desktop Supplementary
Canonical	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*

Configuration 2 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*

References

Link	Resource
http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
http://rhn.redhat.com/errata/RHSA-2015-0627.html
http://www.securityfocus.com/bid/72901
http://www.ubuntu.com/usn/USN-2521-1
https://code.google.com/p/chromium/issues/detail?id=444707
https://security.gentoo.org/glsa/201503-12
https://src.chromium.org/viewvc/blink?revision=188180&view=revision

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2015-03-09T00:00:00

Updated: 2016-12-20T16:57:01

Reserved: 2015-01-21T00:00:00

Link: CVE-2015-1228

JSON object: View

NVD Information

Status : Modified

Published: 2015-03-09T00:59:21.233

Modified: 2023-11-07T02:24:14.500

Link: CVE-2015-1228

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-03T00:00:00", "descriptions": [{"lang": "en", "value": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=444707"}, {"name": "USN-2521-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2521-1"}, {"name": "72901", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72901"}, {"name": "GLSA-201503-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-12"}, {"name": "RHSA-2015:0627", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/blink?revision=188180&view=revision"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-1228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/chromium/issues/detail?id=444707", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=444707"}, {"name": "USN-2521-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2521-1"}, {"name": "72901", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72901"}, {"name": "GLSA-201503-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-12"}, {"name": "RHSA-2015:0627", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"}, {"name": "https://src.chromium.org/viewvc/blink?revision=188180&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/blink?revision=188180&view=revision"}, {"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1228", "datePublished": "2015-03-09T00:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2016-12-20T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4473BA-37DE-4AF1-A828-99AA9D83AAE7", "versionEndIncluding": "40.0.2214.115", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "matchCriteriaId": "04A2B180-08EF-4BE1-B1F2-48782874D6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence."}, {"lang": "es", "value": "La funci\u00f3n RenderCounter::updateCounter en core/rendering/RenderCounter.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, no fuerza una operaci\u00f3n relayout y como consecuencia no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de una secuencia de tokens Cascading Style Sheets (CSS) manipulada."}], "id": "CVE-2015-1228", "lastModified": "2023-11-07T02:24:14.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-09T00:59:21.233", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/72901"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2521-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=444707"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201503-12"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/blink?revision=188180&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}