Lucene search

[email protected]CVE-2017-15399

HistoryAug 28, 2018 - 8:29 p.m.

CVE-2017-15399

2018-08-2820:29:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2017-15399

use after free

google chrome

heap corruption

remote attacker

exploit

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.022

Percentile

89.6%

JSON

A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected configurations

NVD

Node

googlechromeRange<62.0.3202.89

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

CNA Affected

[
  {
    "product": "Google Chrome prior to 62.0.3202.89 unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 62.0.3202.89 unknown"
      }
    ]
  }
]