CVE-2010-3254

Published: 07 September 2010

The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Priority

Low

Status

Package / Release / Status

chromium-browser
  Upstream: Released (6.0.472.53)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected)

qt4-x11
  Upstream: Not vulnerable
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable

webkit
  Upstream: Needs triage
  Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
  Patches:
    upstream: http://trac.webkit.org/changeset/65135

webkitgtk
  Upstream: Needs triage
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2.4.9-2ubuntu2)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [2.4.8-1ubuntu1~ubuntu14.04.1])

Notes

Author / Note

jdstrand
  webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit.

mdeslaur
  webkitkde is a wrapper around qt4-x11's webkit.
  looks chromium specific

micahg
  Debian has a patch (in 1.2.6-1) for this, so we'll take it too
