CVE-2009-2555

Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.

Published: Jul 21, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2555
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
google / v8	-	1.0.x
google / chrome	-	2.0.172.33.x
google / chrome	0.2.149.29	0.2.149.29.x
google / chrome	0.2.149.30	0.2.149.30.x
google / chrome	0.2.152.1	0.2.152.1.x
google / chrome	0.2.153.1	0.2.153.1.x
google / chrome	0.3.154.0	0.3.154.0.x
google / chrome	0.3.154.3	0.3.154.3.x
google / chrome	0.4.154.18	0.4.154.18.x
google / chrome	0.4.154.22	0.4.154.22.x
google / chrome	0.4.154.31	0.4.154.31.x
google / chrome	0.4.154.33	0.4.154.33.x
google / chrome	1.0.154.36	1.0.154.36.x
google / chrome	1.0.154.39	1.0.154.39.x
google / chrome	1.0.154.42	1.0.154.42.x
google / chrome	1.0.154.43	1.0.154.43.x
google / chrome	1.0.154.46	1.0.154.46.x
google / chrome	1.0.154.48	1.0.154.48.x
google / chrome	1.0.154.52	1.0.154.52.x
google / chrome	1.0.154.53	1.0.154.53.x
google / chrome	1.0.154.59	1.0.154.59.x
google / chrome	2.0.156.1	2.0.156.1.x
google / chrome	2.0.157.0	2.0.157.0.x
google / chrome	2.0.157.2	2.0.157.2.x
google / chrome	2.0.158.0	2.0.158.0.x
google / chrome	2.0.159.0	2.0.159.0.x
google / chrome	2.0.172	2.0.172.x
google / chrome	2.0.172.30	2.0.172.30.x
google / chrome	2.0.172.31	2.0.172.31.x

Vulnerability Database

289,599

CVE-2009-2555