Lucene search

[email protected]CVE-2014-3192

HistoryOct 08, 2014 - 10:55 a.m.

CVE-2014-3192

2014-10-0810:55:06

CWE-416

[email protected]

web.nvd.nist.gov

cve-2014-3192

use-after-free vulnerability

processinginstruction

setxslstylesheet

blink

google chrome

denial of service

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

4.5 Medium

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.3%

JSON

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Affected configurations

NVD

Node

redhatenterprise_linux_desktop_supplementaryMatch6.0

redhatenterprise_linux_server_supplementaryMatch6.0

redhatenterprise_linux_server_supplementary_eusMatch6.6.z

redhatenterprise_linux_workstation_supplementaryMatch6.0

Node

appleitunesRange≤12.1.3

applesafariMatch6.2.2

applesafariMatch7.1.2

applesafariMatch8.0.2

appleiphone_osRange≤8.1.2

appletvosRange≤7.0.1

Node

googlechromeRange≤38.0.2125.7

CPENameOperatorVersion
redhat:enterprise_linux_desktop_supplementaryredhat enterprise linux desktop supplementaryeq6.0
redhat:enterprise_linux_server_supplementaryredhat enterprise linux server supplementaryeq6.0
redhat:enterprise_linux_server_supplementary_eusredhat enterprise linux server supplementary euseq6.6.z
redhat:enterprise_linux_workstation_supplementaryredhat enterprise linux workstation supplementaryeq6.0

CPE	Name	Operator	Version
redhat:enterprise_linux_desktop_supplementary	redhat enterprise linux desktop supplementary	eq	6.0
redhat:enterprise_linux_server_supplementary	redhat enterprise linux server supplementary	eq	6.0
redhat:enterprise_linux_server_supplementary_eus	redhat enterprise linux server supplementary eus	eq	6.6.z
redhat:enterprise_linux_workstation_supplementary	redhat enterprise linux workstation supplementary	eq	6.0