CVE-2018-17466

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

References

http://www.securityfocus.com/bid/105666

http://www.securityfocus.com/bid/106168

https://access.redhat.com/errata/RHSA-2018:3004

https://access.redhat.com/errata/RHSA-2018:3831

https://access.redhat.com/errata/RHSA-2018:3833

https://access.redhat.com/errata/RHSA-2019:0159

https://access.redhat.com/errata/RHSA-2019:0160

https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html

https://crbug.com/880906

https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

https://security.gentoo.org/glsa/201811-10

https://usn.ubuntu.com/3844-1/

https://usn.ubuntu.com/3868-1/

https://www.debian.org/security/2018/dsa-4330

https://www.debian.org/security/2018/dsa-4354

https://www.debian.org/security/2019/dsa-4362

Details

Source: MITRE

Published: 2018-11-14

Updated: 2019-03-05

Type: CWE-125

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Tenable Plugins

View all (53 total)

IDNameProductFamilySeverity
127423NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0150)NessusNewStart CGSL Local Security Checks
critical
127418NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0148)NessusNewStart CGSL Local Security Checks
critical
127315NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0093)NessusNewStart CGSL Local Security Checks
critical
127238NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0052)NessusNewStart CGSL Local Security Checks
critical
127213NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0039)NessusNewStart CGSL Local Security Checks
critical
125498EulerOS 2.0 SP3 : firefox (EulerOS-SA-2019-1571)NessusHuawei Local Security Checks
critical
124378EulerOS 2.0 SP2 : firefox (EulerOS-SA-2019-1282)NessusHuawei Local Security Checks
critical
123310openSUSE Security Update : Chromium (openSUSE-2019-712)NessusSuSE Local Security Checks
high
123148openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004)NessusSuSE Local Security Checks
critical
122674Amazon Linux 2 : thunderbird (ALAS-2019-1168)NessusAmazon Linux Local Security Checks
critical
122493openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251)NessusSuSE Local Security Checks
critical
122224openSUSE Security Update : MozillaThunderbird (openSUSE-2019-182)NessusSuSE Local Security Checks
critical
122192Mozilla Firefox < 64.0NessusMacOS X Local Security Checks
critical
121641Mozilla Firefox ESR < 60.4NessusMacOS X Local Security Checks
critical
700411Mozilla Firefox < 64 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
121546CentOS 7 : thunderbird (CESA-2019:0160)NessusCentOS Local Security Checks
critical
121545CentOS 6 : thunderbird (CESA-2019:0159)NessusCentOS Local Security Checks
critical
121410Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190125)NessusScientific Linux Local Security Checks
critical
121409Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190125)NessusScientific Linux Local Security Checks
critical
121408Oracle Linux 6 : thunderbird (ELSA-2019-0159)NessusOracle Linux Local Security Checks
critical
121381Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3868-1)NessusUbuntu Local Security Checks
critical
121380RHEL 7 : thunderbird (RHSA-2019:0160)NessusRed Hat Local Security Checks
critical
121379RHEL 6 : thunderbird (RHSA-2019:0159)NessusRed Hat Local Security Checks
critical
121378Oracle Linux 7 : thunderbird (ELSA-2019-0160)NessusOracle Linux Local Security Checks
critical
120963Debian DSA-4362-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
120933Fedora 28 : chromium (2018-fd194a1f14)NessusFedora Local Security Checks
high
120342Fedora 29 : chromium (2018-34f7f68029)NessusFedora Local Security Checks
high
120193SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)NessusSuSE Local Security Checks
critical
119882Scientific Linux Security Update : firefox on SL7.x x86_64 (20181217)NessusScientific Linux Local Security Checks
critical
119881Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20181217)NessusScientific Linux Local Security Checks
critical
119874CentOS 7 : firefox (CESA-2018:3833)NessusCentOS Local Security Checks
critical
119873CentOS 6 : firefox (CESA-2018:3831)NessusCentOS Local Security Checks
critical
119871SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)NessusSuSE Local Security Checks
critical
119756Oracle Linux 7 : firefox (ELSA-2018-3833)NessusOracle Linux Local Security Checks
critical
119755Oracle Linux 6 : firefox (ELSA-2018-3831)NessusOracle Linux Local Security Checks
critical
119735RHEL 7 : firefox (RHSA-2018:3833)NessusRed Hat Local Security Checks
critical
119734RHEL 6 : firefox (RHSA-2018:3831)NessusRed Hat Local Security Checks
critical
119671openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1544)NessusSuSE Local Security Checks
critical
119667Debian DLA-1605-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
119654Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox vulnerabilities (USN-3844-1)NessusUbuntu Local Security Checks
critical
119636FreeBSD : mozilla -- multiple vulnerabilities (d10b49b2-8d02-49e8-afde-0844626317af)NessusFreeBSD Local Security Checks
critical
119634Debian DSA-4354-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical
119606Mozilla Firefox ESR < 60.4 Multiple VulnerabilitiesNessusWindows
critical
119605Mozilla Firefox ESR < 60.4 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
119604Mozilla Firefox < 64.0 Multiple VulnerabilitiesNessusWindows
critical
119603Mozilla Firefox < 64.0 Multiple Vulnerabilities (macOS) (deprecated)NessusMacOS X Local Security Checks
critical
119130GLSA-201811-10 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
118719Debian DSA-4330-1 : chromium-browser - security updateNessusDebian Local Security Checks
high
118386openSUSE Security Update : Chromium (openSUSE-2018-1253)NessusSuSE Local Security Checks
critical
118373RHEL 6 : chromium-browser (RHSA-2018:3004)NessusRed Hat Local Security Checks
critical
118317openSUSE Security Update : Chromium (openSUSE-2018-1208)NessusSuSE Local Security Checks
critical
118153Google Chrome < 70.0.3538.67 Multiple VulnerabilitiesNessusWindows
high
118152Google Chrome < 70.0.3538.67 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high