Lucene search

ChromeCVE-2015-1209

HistoryFeb 06, 2015 - 11:59 a.m.

CVE-2015-1209

2015-02-0611:59:07

CWE-416

Chrome

web.nvd.nist.gov

cve-2015-1209

vulnerability

visibleselection

blink

google chrome

denial of service

dom

javascript

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.

Affected configurations

Nvd

Node

googlechromeRange<40.0.2214.109android

Node

googlechromeRange<40.0.2214.111

AND

applemacosMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch14.10

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.6

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux14.10cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus6.6cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::android::*
google	chrome	*	cpe:2.3:a:google:chrome::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
canonical	ubuntu_linux	14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_eus	6.6	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*