CVE-2009-2537 - KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large

CVE-2009-2537

Summary

KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

References

Vulnerable Configurations

cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 10-10-2018 - 19:40)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bugtraq	20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... 20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... 20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... 20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
exploit-db	9160
fedora	FEDORA-2009-8020 FEDORA-2009-8039 FEDORA-2009-8046 FEDORA-2009-8049
mandriva	MDVSA-2009:330
misc	http://www.g-sec.lu/one-bug-to-rule-them-all.html
secunia	36057 36062
xf	konqueror-integer-value-dos(52871)

statements via4

contributor	Tomas Hoger
lastmodified	2009-08-07
organization	Red Hat
statement	Red Hat does not consider a user-assisted crash of a client application such as Konqueror to be a security issue.

Last major update

10-10-2018 - 19:40

Published

20-07-2009 - 18:30

Last modified

10-10-2018 - 19:40