CVE-2011-3909 - OpenCVE

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Itunes Safari
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:apple:itunes::::::::
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::

No data.

References

Link	Providers
http://code.google.com/p/chromium/issues/detail?id=101010
http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/73808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2011-12-13T21:00:00

Updated: 2024-08-06T23:53:32.228Z

Reserved: 2011-10-01T00:00:00

Link: CVE-2011-3909

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-12-13T21:55:01.357

Modified: 2023-11-07T02:08:54.927

Link: CVE-2011-3909

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-05T18:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=101010"}, {"name": "apple-webkit-cve20113909-code-execution(73808)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73808"}, {"name": "oval:org.mitre.oval:def:14579", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579"}, {"name": "1026774", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1026774"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"}, {"name": "48377", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48377"}, {"name": "APPLE-SA-2012-03-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"}, {"name": "48274", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48274"}, {"name": "APPLE-SA-2012-03-07-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"}, {"name": "48288", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48288"}, {"name": "APPLE-SA-2012-03-07-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2011-3909", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/chromium/issues/detail?id=101010", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=101010"}, {"name": "apple-webkit-cve20113909-code-execution(73808)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73808"}, {"name": "oval:org.mitre.oval:def:14579", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579"}, {"name": "1026774", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026774"}, {"name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"}, {"name": "48377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48377"}, {"name": "APPLE-SA-2012-03-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"}, {"name": "48274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48274"}, {"name": "APPLE-SA-2012-03-07-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"}, {"name": "48288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48288"}, {"name": "APPLE-SA-2012-03-07-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:53:32.228Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://code.google.com/p/chromium/issues/detail?id=101010"}, {"name": "apple-webkit-cve20113909-code-execution(73808)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73808"}, {"name": "oval:org.mitre.oval:def:14579", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579"}, {"name": "1026774", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1026774"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"}, {"name": "48377", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48377"}, {"name": "APPLE-SA-2012-03-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"}, {"name": "48274", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48274"}, {"name": "APPLE-SA-2012-03-07-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"}, {"name": "48288", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48288"}, {"name": "APPLE-SA-2012-03-07-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2011-3909", "datePublished": "2011-12-13T21:00:00", "dateReserved": "2011-10-01T00:00:00", "dateUpdated": "2024-08-06T23:53:32.228Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDEF161-338F-4B15-913C-12D20BB0F7D2", "versionEndExcluding": "16.0.912.63", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA2DCF16-0EEA-40BD-9855-CC08F58A2CEF", "versionEndExcluding": "10.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DE4C7C6-8958-4FF7-9338-D59D325E29FC", "versionEndExcluding": "5.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B150860-FC76-4DDC-9FEE-BC5D96D08751", "versionEndExcluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors."}, {"lang": "es", "value": "La implementaci\u00f3n de las Hojas de Estilo en Cascada (CSS) en Google Chrome antes de v16.0.912.63 en las plataformas de 64 bits no maneja correctamente los arrays de propiedades, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2011-3909", "lastModified": "2023-11-07T02:08:54.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-13T21:55:01.357", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://code.google.com/p/chromium/issues/detail?id=101010"}, {"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/48274"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/48288"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/48377"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id?1026774"}, {"source": "chrome-cve-admin@google.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73808"}, {"source": "chrome-cve-admin@google.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}