CVE-2012-2842

HIGH

Description

Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.

References

http://code.google.com/p/chromium/issues/detail?id=129898

http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00009.html

http://support.apple.com/kb/HT5485

http://support.apple.com/kb/HT5502

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15664

Details

Source: MITRE

Published: 2012-07-12

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:20.0.1132.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 20.0.1132.56 (inclusive)

Tenable Plugins

View all (12 total)

ID	Name	Product	Family	Severity
74715	openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0993-1)	Nessus	SuSE Local Security Checks	high
800990	Mac OS X : Safari < 6.0.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
62216	Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
6582	Safari < 6.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6575	iTunes < 10.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
62078	Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
62077	Apple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
61542	GLSA-201208-03 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
61501	FreeBSD : www/chromium -- multiple vulnerabilities (2092a45b-e2f6-11e1-a8ca-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
800952	Google Chrome < 20.0.1132.57 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6512	Google Chrome < 20.0.1132.57 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
59958	Google Chrome < 20.0.1132.57 Multiple Vulnerabilities	Nessus	Windows	high