CVE-2019-5806

Published: Jun 27, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected (8)

Products: Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora · Opensuse: Backports, Leap

1 product

1 product

1 product

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 74.0.3729.108

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Opensuse Backports	Version sle-15
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1
Opensuse Leap	Version 42.3

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html

Source: chrome-cve-admin@google.com

https://crbug.com/943087

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/

Source: chrome-cve-admin@google.com

https://seclists.org/bugtraq/2019/Aug/19

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201908-18

Source: chrome-cve-admin@google.com

https://www.debian.org/security/2019/dsa-4500

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/943087

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Aug/19

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201908-18

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2019/dsa-4500

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.