Lucene search
ChromeCVE-2014-1746HistoryMay 21, 2014 - 11:14 a.m.
CVE-2014-1746
2014-05-2111:14:09
CWE-119
Chrome
web.nvd.nist.gov
43
cve-2014-1746
google chrome
inmemoryurlprotocol
remote attackers
denial of service
out-of-bounds read
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.007
Percentile
79.7%
The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.
Affected configurations
Node
googlechromeRange≤35.0.1916.113
ORgooglechromeMatch35.0.1916.0
ORgooglechromeMatch35.0.1916.1
ORgooglechromeMatch35.0.1916.2
ORgooglechromeMatch35.0.1916.3
ORgooglechromeMatch35.0.1916.4
ORgooglechromeMatch35.0.1916.5
ORgooglechromeMatch35.0.1916.6
ORgooglechromeMatch35.0.1916.7
ORgooglechromeMatch35.0.1916.8
ORgooglechromeMatch35.0.1916.9
ORgooglechromeMatch35.0.1916.10
ORgooglechromeMatch35.0.1916.11
ORgooglechromeMatch35.0.1916.13
ORgooglechromeMatch35.0.1916.14
ORgooglechromeMatch35.0.1916.15
ORgooglechromeMatch35.0.1916.17
ORgooglechromeMatch35.0.1916.18
ORgooglechromeMatch35.0.1916.19
ORgooglechromeMatch35.0.1916.20
ORgooglechromeMatch35.0.1916.21
ORgooglechromeMatch35.0.1916.22
ORgooglechromeMatch35.0.1916.23
ORgooglechromeMatch35.0.1916.27
ORgooglechromeMatch35.0.1916.31
ORgooglechromeMatch35.0.1916.32
ORgooglechromeMatch35.0.1916.33
ORgooglechromeMatch35.0.1916.34
ORgooglechromeMatch35.0.1916.35
ORgooglechromeMatch35.0.1916.36
ORgooglechromeMatch35.0.1916.37
ORgooglechromeMatch35.0.1916.38
ORgooglechromeMatch35.0.1916.39
ORgooglechromeMatch35.0.1916.40
ORgooglechromeMatch35.0.1916.41
ORgooglechromeMatch35.0.1916.42
ORgooglechromeMatch35.0.1916.43
ORgooglechromeMatch35.0.1916.44
ORgooglechromeMatch35.0.1916.45
ORgooglechromeMatch35.0.1916.46
ORgooglechromeMatch35.0.1916.47
ORgooglechromeMatch35.0.1916.48
ORgooglechromeMatch35.0.1916.49
ORgooglechromeMatch35.0.1916.51
ORgooglechromeMatch35.0.1916.52
ORgooglechromeMatch35.0.1916.54
ORgooglechromeMatch35.0.1916.56
ORgooglechromeMatch35.0.1916.57
ORgooglechromeMatch35.0.1916.59
ORgooglechromeMatch35.0.1916.61
ORgooglechromeMatch35.0.1916.68
ORgooglechromeMatch35.0.1916.69
ORgooglechromeMatch35.0.1916.71
ORgooglechromeMatch35.0.1916.72
ORgooglechromeMatch35.0.1916.74
ORgooglechromeMatch35.0.1916.77
ORgooglechromeMatch35.0.1916.80
ORgooglechromeMatch35.0.1916.82
ORgooglechromeMatch35.0.1916.84
ORgooglechromeMatch35.0.1916.85
ORgooglechromeMatch35.0.1916.86
ORgooglechromeMatch35.0.1916.88
ORgooglechromeMatch35.0.1916.90
ORgooglechromeMatch35.0.1916.92
ORgooglechromeMatch35.0.1916.93
ORgooglechromeMatch35.0.1916.95
ORgooglechromeMatch35.0.1916.96
ORgooglechromeMatch35.0.1916.98
ORgooglechromeMatch35.0.1916.99
ORgooglechromeMatch35.0.1916.101
ORgooglechromeMatch35.0.1916.103
ORgooglechromeMatch35.0.1916.104
ORgooglechromeMatch35.0.1916.105
ORgooglechromeMatch35.0.1916.106
ORgooglechromeMatch35.0.1916.107
ORgooglechromeMatch35.0.1916.108
ORgooglechromeMatch35.0.1916.109
ORgooglechromeMatch35.0.1916.110
ORgooglechromeMatch35.0.1916.111
ORgooglechromeMatch35.0.1916.112
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.0 | cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.1 | cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.2 | cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.3 | cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.4 | cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.5 | cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.6 | cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.7 | cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.8 | cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:* |
References
googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
secunia.com/advisories/58920
secunia.com/advisories/59155
secunia.com/advisories/60372
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2939
www.securitytracker.com/id/1030270
code.google.com/p/chromium/issues/detail?id=364065
src.chromium.org/viewvc/chrome?revision=267280&view=revision
Related
ubuntucve
ubuntucve
CVE-2014-1746
2014-05-21 00:00:00
nvd
nvd
CVE-2014-1746
2014-05-21 11:14:09
debiancve
debiancve
CVE-2014-1746
2014-05-21 11:14:00
prion
prion
Out-of-bounds
2014-05-21 11:14:00
cvelist
cvelist
CVE-2014-1746
2014-05-21 10:00:00
threatpost
threatpost
Chrome 35 Fixes 23 Security Flaws
2014-05-20 14:11:21
debian
debian
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-05-31 07:27:02
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-05-31 07:27:02
kaspersky
kaspersky
KLA10007 Multiple vulnerabilities in Google Chrome
2014-05-20 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-05-20 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-06-09 00:00:00
Google Chrome / Chromium multiple security vulnerabilities
2014-06-09 00:00:00
openvas
openvas
Debian Security Advisory DSA 2939-1 (chromium-browser - security update)
2014-05-31 00:00:00
Google Chrome Multiple Vulnerabilities - 01 (Jun 2014) - Windows
2014-06-04 00:00:00
Google Chrome Multiple Vulnerabilities - 01 (Jun 2014) - Linux
2014-06-04 00:00:00
nessus
nessus
Debian DSA-2939-1 : chromium-browser - security update
2014-06-02 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)
2014-05-21 00:00:00
Opera < 22 Multiple Chromium Vulnerabilities
2014-06-06 00:00:00
chrome
chrome
Stable Channel Update
2014-05-20 00:00:00
osv
osv
chromium-browser - security update
2014-05-31 00:00:00
chromedriver-55.0.2883.75-3.1 on GA media
2024-06-15 00:00:00
ungoogled-chromium-113.0.5672.92-1.1 on GA media
2024-06-15 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2014-07-23 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.007
Percentile
79.7%
Related for CVE-2014-1746