Lucene search

ChromeCVE-2013-2927

HistoryOct 16, 2013 - 8:55 p.m.

CVE-2013-2927

2013-10-1620:55:06

CWE-399

Chrome

web.nvd.nist.gov

cve-2013-2927

htmlformelement

blink

google chrome

denial of service

remote attackers

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.025

Percentile

90.2%

JSON

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.

Affected configurations

Nvd

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

googlechromeRange≤30.0.1599.100

googlechromeMatch30.0.1599.0

googlechromeMatch30.0.1599.1

googlechromeMatch30.0.1599.2

googlechromeMatch30.0.1599.4

googlechromeMatch30.0.1599.5

googlechromeMatch30.0.1599.6

googlechromeMatch30.0.1599.7

googlechromeMatch30.0.1599.8

googlechromeMatch30.0.1599.9

googlechromeMatch30.0.1599.10

googlechromeMatch30.0.1599.11

googlechromeMatch30.0.1599.12

googlechromeMatch30.0.1599.13

googlechromeMatch30.0.1599.14

googlechromeMatch30.0.1599.15

googlechromeMatch30.0.1599.16

googlechromeMatch30.0.1599.17

googlechromeMatch30.0.1599.18

googlechromeMatch30.0.1599.19

googlechromeMatch30.0.1599.20

googlechromeMatch30.0.1599.21

googlechromeMatch30.0.1599.22

googlechromeMatch30.0.1599.23

googlechromeMatch30.0.1599.24

googlechromeMatch30.0.1599.25

googlechromeMatch30.0.1599.26

googlechromeMatch30.0.1599.27

googlechromeMatch30.0.1599.28

googlechromeMatch30.0.1599.29

googlechromeMatch30.0.1599.30

googlechromeMatch30.0.1599.31

googlechromeMatch30.0.1599.32

googlechromeMatch30.0.1599.33

googlechromeMatch30.0.1599.34

googlechromeMatch30.0.1599.35

googlechromeMatch30.0.1599.36

googlechromeMatch30.0.1599.37

googlechromeMatch30.0.1599.38

googlechromeMatch30.0.1599.39

googlechromeMatch30.0.1599.40

googlechromeMatch30.0.1599.41

googlechromeMatch30.0.1599.42

googlechromeMatch30.0.1599.43

googlechromeMatch30.0.1599.44

googlechromeMatch30.0.1599.47

googlechromeMatch30.0.1599.48

googlechromeMatch30.0.1599.49

googlechromeMatch30.0.1599.50

googlechromeMatch30.0.1599.51

googlechromeMatch30.0.1599.52

googlechromeMatch30.0.1599.53

googlechromeMatch30.0.1599.56

googlechromeMatch30.0.1599.57

googlechromeMatch30.0.1599.58

googlechromeMatch30.0.1599.59

googlechromeMatch30.0.1599.60

googlechromeMatch30.0.1599.61

googlechromeMatch30.0.1599.64

googlechromeMatch30.0.1599.65

googlechromeMatch30.0.1599.66

googlechromeMatch30.0.1599.67

googlechromeMatch30.0.1599.68

googlechromeMatch30.0.1599.69

googlechromeMatch30.0.1599.79

googlechromeMatch30.0.1599.80

googlechromeMatch30.0.1599.81

googlechromeMatch30.0.1599.82

googlechromeMatch30.0.1599.84

googlechromeMatch30.0.1599.85

googlechromeMatch30.0.1599.86

googlechromeMatch30.0.1599.87

googlechromeMatch30.0.1599.88

googlechromeMatch30.0.1599.90

VendorProductVersionCPE
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0:::
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0:::

Vendor	Product	Version	CPE
debian	debian_linux	8.0	cpe:/o:debian:debian_linux:8.0:::
debian	debian_linux	7.0	cpe:/o:debian:debian_linux:7.0:::

References

archives.neohapsis.com/archives/bugtraq/2014-05/0128.html

archives.neohapsis.com/archives/bugtraq/2014-06/0174.html

archives.neohapsis.com/archives/bugtraq/2014-06/0175.html

googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html

lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

lists.opensuse.org/opensuse-updates/2013-11/msg00077.html

lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

support.apple.com/kb/HT6254

www.debian.org/security/2013/dsa-2785

code.google.com/p/chromium/issues/detail?id=297478

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155

src.chromium.org/viewvc/blink?revision=158428&view=revision

support.apple.com/kb/HT6537

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.025

Percentile

90.2%

JSON

Related for CVE-2013-2927