QwikSec

Security Database

CVE

CWE

Training

CVE-2008-6995

Published: Aug 18, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

https://www.evilfingers.com/advisory/Google_Chrome_Browser_0.2.149.27_in_chrome_dll.php

x_refsource_MISC

20080902 Google Chrome Browser (ver.0.2.149.27) Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/net/base/escape.cc?r1=1757&r2=1760&pathrev=1760

x_refsource_CONFIRM

http://evilfingers.com/advisory/google_chrome_poc.php

x_refsource_MISC

http://code.google.com/p/chromium/issues/detail?id=122

x_refsource_CONFIRM

google-chrome-handlers-dos(44899)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.