CVE-2010-4038

The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	7.0.517.41 (excluding)
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	maverick	*
Chromium-browser	Ubuntu	upstream	*

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/130.html
https://cwe.mitre.org/data/definitions/131.html
https://cwe.mitre.org/data/definitions/494.html
https://cwe.mitre.org/data/definitions/495.html
https://cwe.mitre.org/data/definitions/496.html
https://cwe.mitre.org/data/definitions/666.html

References

http://code.google.com/p/chromium/issues/detail?id=53985
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
http://secunia.com/advisories/41888
http://www.securityfocus.com/bid/44241
http://www.vupen.com/english/advisories/2010/2731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13930

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-4038
CWE	https://cwe.mitre.org/data/definitions/404.html

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References