ID CVE-2009-2537
Summary KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
    cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 10-10-2018 - 19:40)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bugtraq
  • 20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  • 20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  • 20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  • 20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
exploit-db 9160
fedora
  • FEDORA-2009-8020
  • FEDORA-2009-8039
  • FEDORA-2009-8046
  • FEDORA-2009-8049
mandriva MDVSA-2009:330
misc http://www.g-sec.lu/one-bug-to-rule-them-all.html
secunia
  • 36057
  • 36062
xf konqueror-integer-value-dos(52871)
statements via4
contributor Tomas Hoger
lastmodified 2009-08-07
organization Red Hat
statement Red Hat does not consider a user-assisted crash of a client application such as Konqueror to be a security issue.
Last major update 10-10-2018 - 19:40
Published 20-07-2009 - 18:30
Back to Top