CVE-2010-4198

HIGH

Google Chrome < 7.0.517.44 - Memory Corruption via Large Text Area Handling

Title source: llm
STIX 2.1

Description

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

References (13)

Core 13
Core References
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
Release Notes, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=55257
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0216
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42109
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43086
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45719
Not Applicable vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0177.html
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0552
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=656118
Permissions Required, Vendor Advisory x_refsource_misc
https://bugs.webkit.org/show_bug.cgi?id=45611

Scores

CVSS v3 8.8
EPSS 0.0150
EPSS Percentile 71.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
fedoraproject/fedora 13
google/chrome < 7.0.517.44
webkitgtk/webkitgtk 1.2.6
Published Nov 06, 2010
Tracked Since Feb 18, 2026