Main Vulnerability Database Vulnerabilities #VU43197

Input validation error in Opensuse and Google Chrome - CVE-2012-5148

Published: January 15, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU43197

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-5148

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SUSE
Google

Affected software:
Opensuse
Google Chrome

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.

How to mitigate CVE-2012-5148

Install update from vendor's website.

Sources

http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html
https://code.google.com/p/chromium/issues/detail?id=167122
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15746

Input validation error in Opensuse and Google Chrome - CVE-2012-5148

Detailed vulnerability description

How to mitigate CVE-2012-5148

Sources

Please verify you're human