CVE-2017-5030
Google Chromium V8 Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
El manejo incorrecto de especies complejas en V8 de Google Chrome anteriores a 57.0.2987.98 para Linux, Windows y Mac y 57.0.2987.108 para Android permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML especialmente diseñada.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of arrays in Vewd. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process.
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-02 CVE Reserved
- 2017-03-14 CVE Published
- 2022-06-08 Exploited in Wild
- 2022-06-22 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-08-31 EPSS Updated
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96767 | Broken Link | |
https://www.zerodayinitiative.com/advisories/ZDI-20-126 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://crbug.com/682194 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0499.html | 2024-06-28 | |
http://www.debian.org/security/2017/dsa-3810 | 2024-06-28 | |
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | 2024-06-28 | |
https://security.gentoo.org/glsa/201704-02 | 2024-06-28 | |
https://access.redhat.com/security/cve/CVE-2017-5030 | 2017-03-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1431030 | 2017-03-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 57.0.2987.98 Search vendor "Google" for product "Chrome" and version " < 57.0.2987.98" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 57.0.2987.98 Search vendor "Google" for product "Chrome" and version " < 57.0.2987.98" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 57.0.2987.98 Search vendor "Google" for product "Chrome" and version " < 57.0.2987.98" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 57.0.2987.108 Search vendor "Google" for product "Chrome" and version " < 57.0.2987.108" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
|