Lucene search

[email protected]NVD:CVE-2014-3174

HistoryAug 27, 2014 - 1:55 a.m.

CVE-2014-3174

2014-08-2701:55:05

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

Affected configurations

Nvd

Node

googlechromeRange≤37.0.2062.93

googlechromeMatch37.0.2062.0

googlechromeMatch37.0.2062.1

googlechromeMatch37.0.2062.2

googlechromeMatch37.0.2062.3

googlechromeMatch37.0.2062.4

googlechromeMatch37.0.2062.5

googlechromeMatch37.0.2062.6

googlechromeMatch37.0.2062.7

googlechromeMatch37.0.2062.8

googlechromeMatch37.0.2062.9

googlechromeMatch37.0.2062.10

googlechromeMatch37.0.2062.11

googlechromeMatch37.0.2062.12

googlechromeMatch37.0.2062.13

googlechromeMatch37.0.2062.14

googlechromeMatch37.0.2062.15

googlechromeMatch37.0.2062.16

googlechromeMatch37.0.2062.17

googlechromeMatch37.0.2062.18

googlechromeMatch37.0.2062.19

googlechromeMatch37.0.2062.20

googlechromeMatch37.0.2062.21

googlechromeMatch37.0.2062.22

googlechromeMatch37.0.2062.23

googlechromeMatch37.0.2062.24

googlechromeMatch37.0.2062.25

googlechromeMatch37.0.2062.26

googlechromeMatch37.0.2062.27

googlechromeMatch37.0.2062.28

googlechromeMatch37.0.2062.29

googlechromeMatch37.0.2062.30

googlechromeMatch37.0.2062.31

googlechromeMatch37.0.2062.32

googlechromeMatch37.0.2062.33

googlechromeMatch37.0.2062.34

googlechromeMatch37.0.2062.35

googlechromeMatch37.0.2062.36

googlechromeMatch37.0.2062.37

googlechromeMatch37.0.2062.39

googlechromeMatch37.0.2062.43

googlechromeMatch37.0.2062.44

googlechromeMatch37.0.2062.45

googlechromeMatch37.0.2062.46

googlechromeMatch37.0.2062.47

googlechromeMatch37.0.2062.48

googlechromeMatch37.0.2062.49

googlechromeMatch37.0.2062.50

googlechromeMatch37.0.2062.51

googlechromeMatch37.0.2062.52

googlechromeMatch37.0.2062.53

googlechromeMatch37.0.2062.54

googlechromeMatch37.0.2062.55

googlechromeMatch37.0.2062.56

googlechromeMatch37.0.2062.57

googlechromeMatch37.0.2062.58

googlechromeMatch37.0.2062.59

googlechromeMatch37.0.2062.60

googlechromeMatch37.0.2062.61

googlechromeMatch37.0.2062.62

googlechromeMatch37.0.2062.63

googlechromeMatch37.0.2062.64

googlechromeMatch37.0.2062.65

googlechromeMatch37.0.2062.66

googlechromeMatch37.0.2062.67

googlechromeMatch37.0.2062.68

googlechromeMatch37.0.2062.69

googlechromeMatch37.0.2062.70

googlechromeMatch37.0.2062.71

googlechromeMatch37.0.2062.72

googlechromeMatch37.0.2062.73

googlechromeMatch37.0.2062.74

googlechromeMatch37.0.2062.75

googlechromeMatch37.0.2062.76

googlechromeMatch37.0.2062.77

googlechromeMatch37.0.2062.78

googlechromeMatch37.0.2062.80

googlechromeMatch37.0.2062.81

googlechromeMatch37.0.2062.89

googlechromeMatch37.0.2062.90

googlechromeMatch37.0.2062.91

googlechromeMatch37.0.2062.92

References

googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html

secunia.com/advisories/60268

secunia.com/advisories/60424

secunia.com/advisories/61482

security.gentoo.org/glsa/glsa-201408-16.xml

www.debian.org/security/2014/dsa-3039

www.securityfocus.com/bid/69407

www.securitytracker.com/id/1030767

crbug.com/389219

exchange.xforce.ibmcloud.com/vulnerabilities/95474

src.chromium.org/viewvc/blink?revision=177250&view=revision

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

Related for NVD:CVE-2014-3174

debiancve1 cvelist1 prion1 ubuntucve1 cve1 ubuntu1 openvas8 nessus8 threatpost1 suse1 chrome1 freebsd1 securityvulns2 osv1 debian2 gentoo1