Home

CVE-2011-1285

Description

The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.942

Associated Vulnerability

VulnerabilityOS Platform
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows XP (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2003 (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Vista (KB2507938) x86 based systemsWindows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Vista (KB2507938) x86 based systems for SP2Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2008 (KB2507938) x86 based systemsWindows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2008 (KB2507938) x86 based systems for SP2Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows 7 (KB2507938) x86 based systemsWindows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows 7 (KB2507938) x86 based systems for SP1Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows XP x64 Edition (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2003 x64 Edition (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Vista for x64-based Systems (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Vista for x64-based Systems (KB2507938) for SP2Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2008 x64 Edition (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2008 x64 Edition (KB2507938) for SP2Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows 7 for x64-based Systems (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows 7 for x64-based Systems (KB2507938) for SP1Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2008 R2 x64 Edition (KB2507938)Windows
ms11-056: vulnerabilities in windows csrss could allow elevation of privilege: july 12, 2011 for Windows Server 2008 R2 x64 Edition (KB2507938) for SP1Windows
Updates for Google Chrome (66.0.3359.170)Windows
Updates for Google Chrome (x64) (66.0.3359.170)Windows
Updates for Google Chrome (66.0.3359.181)Windows
Updates for Google Chrome (x64) (66.0.3359.181)Windows
Updates for Google Chrome (67.0.3396.62)Windows
Updates for Google Chrome (x64) (67.0.3396.62)Windows
Updates for Google Chrome (67.0.3396.79)Windows
Updates for Google Chrome (x64) (67.0.3396.79)Windows
Updates for Google Chrome (67.0.3396.87)Windows
Updates for Google Chrome (x64) (67.0.3396.87)Windows
Google Chrome (67.0.3396.99)Windows
Google Chrome (x64) (67.0.3396.99)Windows
Multiple vulnerabilities affected in Chrome (x64) 10.0.6910.0(x64)Windows
Multiple vulnerabilities affected in Chrome 10.0.6910.0Windows
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)Linux
Google Chrome (67.0.3396.99) (For Debian)Linux
Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Debian)Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)Linux
Google Chrome (67.0.3396.99) (For Centos)Linux
Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Centos)Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)Linux
Google Chrome (67.0.3396.99) (For RedHat)Linux
Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For RedHat)Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)Linux
Google Chrome (67.0.3396.99) (For Suse)Linux
Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)Linux
Google Chrome (67.0.3396.99) (For Ubuntu)Linux
Multiple vulnerabilities affected in Chrome 10.0.6910.0 (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-10694Security Update for Windows Vista (KB2507938)
PATCH-10696Security Update for Windows Server 2008 (KB2507938)
PATCH-10697Security Update for Windows 7 (KB2507938)
PATCH-10702Security Update for Windows Vista for x64-based Systems (KB2507938)
PATCH-10704Security Update for Windows Server 2008 x64 Edition (KB2507938)
PATCH-10705Security Update for Windows 7 for x64-based Systems (KB2507938)
PATCH-10707Security Update for Windows Server 2008 R2 x64 Edition (KB2507938)
PATCH-307513Updates for Google Chrome (66.0.3359.170)
PATCH-307515Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534Updates for Google Chrome (66.0.3359.181)
PATCH-307535Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607Updates for Google Chrome (67.0.3396.62)
PATCH-307608Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641Updates for Google Chrome (67.0.3396.79)
PATCH-307644Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660Updates for Google Chrome (67.0.3396.87)
PATCH-307662Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715Google Chrome (67.0.3396.99)
PATCH-307716Google Chrome (x64) (67.0.3396.99)
PATCH-313162Google Chrome (x64) (80.0.3987.132)
PATCH-313161Google Chrome (80.0.3987.132)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234