Main Vulnerability Database SB2011032001

SB2011032001 - Input validation error in Techland Chrome

Published: March 20, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011032001

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-1465)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.

Remediation

Install update from vendor's website.

References

http://code.google.com/p/chromium/issues/detail?id=75657
http://googlechromereleases.blogspot.com/2011/03/dev-channel-update_17.html
http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction.cc?r1=77893&r2=77892&pathrev=77893
https://exchange.xforce.ibmcloud.com/vulnerabilities/66195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14564