製品・ソフトウェアに関する情報

JVN脆弱性詳細

Google Chrome におけるサービス運用妨害 (DoS) の脆弱性

Title	Google Chrome におけるサービス運用妨害 (DoS) の脆弱性
Summary	Google Chrome は、stale element に関して不備があり、map 要素を適切に処理しないため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 19, 2010, midnight
Registration Date	Jan. 26, 2011, 1:28 p.m.
Last Update	Jan. 26, 2011, 1:28 p.m.

Affected System

Google

Google Chrome 7.0.517.41 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4042	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4042
National Vulnerability Database (NVD)
2	CVE-2010-4042	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4042

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Google
1	Google Chrome	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja
2	stable-channel-update	http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html

その他

No	Name	URL
Secunia Advisory
1	SA41888	http://secunia.com/advisories/41888
SecurityFocus
2	44241	http://www.securityfocus.com/bid/44241
VUPEN Security
3	VUPEN/ADV-2010-2731	http://www.vupen.com/english/advisories/2010/2731

Change Log

No	Changed Details	Date of change
0	[2011年01月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4042

Summary	Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
Publication Date	Oct. 22, 2010, 4 a.m.
Registration Date	Jan. 29, 2021, 11:07 a.m.
Last Update	Nov. 21, 2024, 10:20 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::					7.0.517.41

Related information, measures and tools

No	URL	タグ
1	http://code.google.com/p/chromium/issues/detail?id=56451	Exploit Issue Tracking Mailing List Vendor Advisory
2	http://code.google.com/p/chromium/issues/detail?id=56451	Exploit Issue Tracking Mailing List Vendor Advisory
3	http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html	Release Notes Vendor Advisory
4	http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html	Release Notes Vendor Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	Mailing List Third Party Advisory
7	http://secunia.com/advisories/41888	Broken Link
8	http://secunia.com/advisories/41888	Broken Link
9	http://www.securityfocus.com/bid/44241	Third Party Advisory VDB Entry
10	http://www.securityfocus.com/bid/44241	Third Party Advisory VDB Entry
11	http://www.vupen.com/english/advisories/2010/2731	Not Applicable
12	http://www.vupen.com/english/advisories/2010/2731	Not Applicable
13	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6654	Third Party Advisory
14	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6654	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html