CVE-2010-1773

8.8 HIGH

Published: September 24, 2010 Modified: April 29, 2026

Description

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=44955

Source: product-security@apple.com

Mailing List Vendor Advisory

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Source: product-security@apple.com

Release Notes Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html

Source: product-security@apple.com

Mailing List Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html

Source: product-security@apple.com

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: product-security@apple.com

Mailing List Third Party Advisory

http://secunia.com/advisories/40072

Source: product-security@apple.com

Broken Link

http://secunia.com/advisories/40557

Source: product-security@apple.com

Broken Link

http://secunia.com/advisories/41856

Source: product-security@apple.com

Broken Link

http://secunia.com/advisories/43068

Source: product-security@apple.com

Broken Link

http://trac.webkit.org/changeset/59950

Source: product-security@apple.com

Mailing List Patch Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: product-security@apple.com

Broken Link

http://www.securityfocus.com/bid/41575

Source: product-security@apple.com

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-1006-1

Source: product-security@apple.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1801

Source: product-security@apple.com

Broken Link

http://www.vupen.com/english/advisories/2010/2722

Source: product-security@apple.com

Broken Link

http://www.vupen.com/english/advisories/2011/0212

Source: product-security@apple.com

Broken Link

http://www.vupen.com/english/advisories/2011/0552

Source: product-security@apple.com

Broken Link

https://bugs.webkit.org/show_bug.cgi?id=39508

Source: product-security@apple.com

Permissions Required Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=596500

Source: product-security@apple.com

Issue Tracking Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830

Source: product-security@apple.com

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=44955

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Vendor Advisory

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://secunia.com/advisories/40072

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/40557

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://trac.webkit.org/changeset/59950

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/41575

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1801

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://bugs.webkit.org/show_bug.cgi?id=39508

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=596500

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

40 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.8 / 10.0

EPSS (Exploit Probability)

2.3%

85th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-193

Affected Vendors

google redhat canonical opensuse fedoraproject

Related CVEs

CVE-2026-7779 4.3

CVE-2026-42238 N/A

CVE-2026-42223 6.5

CVE-2026-42222 8.1

CVE-2026-42221 8.1