FKIE_CVE-2010-0664

Vulnerability from fkie_nvd - Published: 2010-02-18 18:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.
References
cve@mitre.orghttp://code.google.com/p/chromium/issues/detail?id=31517Exploit
cve@mitre.orghttp://exchange.kg/other/chrome3_0day-denial_of_service_crash.htmlExploit
cve@mitre.orghttp://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlPatch
cve@mitre.orghttp://securitytracker.com/id?1023506
cve@mitre.orghttp://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugsVendor Advisory
cve@mitre.orghttp://twitter.com/akirsanov/statuses/7370288490Exploit
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/chromium/issues/detail?id=31517Exploit
af854a3a-2127-422b-91ae-364da2661108http://exchange.kg/other/chrome3_0day-denial_of_service_crash.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023506
af854a3a-2127-422b-91ae-364da2661108http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://twitter.com/akirsanov/statuses/7370288490Exploit
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097
Impacted products
Vendor Product Version
google chrome *
google chrome 0.2.149.27
google chrome 0.2.149.29
google chrome 0.2.149.30
google chrome 0.2.152.1
google chrome 0.2.153.1
google chrome 0.3.154.0
google chrome 0.3.154.3
google chrome 0.4.154.18
google chrome 0.4.154.22
google chrome 0.4.154.31
google chrome 0.4.154.33
google chrome 1.0.154.36
google chrome 1.0.154.39
google chrome 1.0.154.42
google chrome 1.0.154.43
google chrome 1.0.154.46
google chrome 1.0.154.48
google chrome 1.0.154.52
google chrome 1.0.154.53
google chrome 1.0.154.59
google chrome 1.0.154.65
google chrome 2.0.156.1
google chrome 2.0.157.0
google chrome 2.0.157.2
google chrome 2.0.158.0
google chrome 2.0.159.0
google chrome 2.0.169.0
google chrome 2.0.169.1
google chrome 2.0.170.0
google chrome 2.0.172
google chrome 2.0.172.2
google chrome 2.0.172.8
google chrome 2.0.172.27
google chrome 2.0.172.28
google chrome 2.0.172.30
google chrome 2.0.172.31
google chrome 2.0.172.33
google chrome 2.0.172.37
google chrome 2.0.172.38
google chrome 3.0.182.2
google chrome 3.0.190.2
google chrome 3.0.193.2
google chrome 3.0.195.21
google chrome 3.0.195.24
google chrome 3.0.195.32
google chrome 3.0.195.33
To clipboard Create KEV Entry 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74697DF5-4F60-40DA-AADE-44288F4AAC18",
              "versionEndIncluding": "4.0.249.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55D5075-D233-42D6-B1D6-77B7599650EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8FF77A-7802-4963-B532-3F16C7BB012C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73576CF-76EE-42A3-9955-D7991384B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD4A2AB1-6F90-4D0B-A673-C6310514CE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A4FEB5-11D8-4FFC-972D-A3B991176040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6313614-FC3C-488C-B80B-191797319A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CDF3DAB-73C4-48E8-9B0B-DADABF217555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FAE50-4CA3-46F6-B533-C599011A9ED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D94F22-37B6-4938-966A-E1830D83FBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B7164E-7A4F-4959-9E6D-EF614EDD4C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C0F9D75-B10D-468F-84D8-61B6A1230556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2CAE29-3F1E-4374-B82C-B60B7BB4AEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "173D539E-045E-4429-80C9-5749BECC6CD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2052352-FECC-4990-B0F4-A715694AD816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCBC80CB-4AB8-4EDF-9940-D2D7124D7549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37938BB-8368-46D6-A8E4-F99F5CB9B82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "6659833E-E309-4797-84D4-A782237714A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4C0D93-0308-48D4-A953-9398B88E2868",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE5094C4-1338-4189-B5FD-C9AFFF091D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A8C3D2-82E6-453E-90B7-BA5C5D2CDF54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C0798F-CC7F-4069-810E-B81F8BB77CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F95770-F36F-43C0-986F-5C819648271E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCE1FD3-8D27-4304-97F9-6F9689F2498D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6CA696-49AA-4445-B978-96C1D8CE58DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9CFA3BF-6C07-448B-8C83-AD4C524A6577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8497F93-D88A-4FFA-B988-7210608530A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FB50A3-FFDA-4BB9-A2C1-DA6DACC2DAAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F93BC8-FE87-4CEC-B28A-4B0B5A468EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D459C7-2555-42FA-9C68-619E410D7CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CDF938-2998-403F-B343-29B620E05D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F89EA6-B411-4887-90A1-FF3A054424F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D2BA3B-1C69-470C-9C40-001FAE82DDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "3583995C-CD74-401F-905D-65B73CFC4595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A621B1-3186-4CE2-8BCC-916027CC74CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A9B50D-5B0F-41C9-8FAF-B78CD21A0554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F5223F1-85CD-4DF9-9665-BDF7B554A784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DD7AFBA-A9A2-4EE9-B652-78D25EFBB690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9D6ED9-D5C5-4CA9-84EA-8007F48CF597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E7F7897-ECD1-499E-81CD-E224241B6607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7422307-271F-4953-9CA4-C50238D27BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCC3490-5B06-4992-8E31-CA46E18607B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C2F85551-EDB5-4790-8095-EFFA7DEC7F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FEBB1A8-295B-4AF7-996D-F7E415B91ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "50995718-0F70-44CA-863B-4AFB4C7AF3CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.195.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D2B04D-ECEB-4B9B-9DC7-FE17C13DD72A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7460B03-A658-4507-8D9E-E0234940BD71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de consumo en la pila en la funci\u00f3n ChildProcessSecurityPolicy::CanRequestURL en browser/child_process_security_policy.cc en Google Chrome before v4.0.249.78, permite provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una URL que especifica m\u00faltiples protocolos, como se ha demostrado mediante una URL que comienza con varias repeticiones  de \"ver c\u00f3digo fuente\"(view-source): substring."
    }
  ],
  "id": "CVE-2010-0664",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-18T18:00:01.130",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=31517"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023506"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://twitter.com/akirsanov/statuses/7370288490"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=31517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://twitter.com/akirsanov/statuses/7370288490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.