CVE-2014-1713

Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2883
https://code.google.com/p/chromium/issues/detail?id=352374
https://src.chromium.org/viewvc/blink?revision=169176&view=revision
https://support.apple.com/kb/HT6537

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:19

Type	Values Removed	Values Added
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html -
References	~~(CONFIRM) https://support.apple.com/kb/HT6537 - Third Party Advisory~~	() https://support.apple.com/kb/HT6537 -
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=352374 - Exploit, Issue Tracking, Mailing List, Vendor Advisory~~	() https://code.google.com/p/chromium/issues/detail?id=352374 -
References	~~(CONFIRM) https://src.chromium.org/viewvc/blink?revision=169176&view=revision - Mailing List, Vendor Advisory~~	() https://src.chromium.org/viewvc/blink?revision=169176&view=revision -
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html -
References	~~(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html - Broken Link~~	() http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html -
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-201408-16.xml -
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html - Broken Link~~	() http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html -
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html - Broken Link~~	() http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html -
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html - Broken Link~~	() http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html -
References	~~(DEBIAN) http://www.debian.org/security/2014/dsa-2883 - Third Party Advisory~~	() http://www.debian.org/security/2014/dsa-2883 -
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html - Broken Link~~	() http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html -

10 Nov 2022, 16:50

Type	Values Removed	Values Added
CWE	~~CWE-399~~	CWE-416
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html - Vendor Advisory~~	(CONFIRM) http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html - Release Notes, Vendor Advisory
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml -~~	(GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html -~~	(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html - Broken Link
References	~~(CONFIRM) https://src.chromium.org/viewvc/blink?revision=169176&view=revision -~~	(CONFIRM) https://src.chromium.org/viewvc/blink?revision=169176&view=revision - Mailing List, Vendor Advisory
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=352374 -~~	(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=352374 - Exploit, Issue Tracking, Mailing List, Vendor Advisory
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html -~~	(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html - Broken Link
References	~~(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html -~~	(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html - Broken Link
References	~~(CONFIRM) https://support.apple.com/kb/HT6537 -~~	(CONFIRM) https://support.apple.com/kb/HT6537 - Third Party Advisory
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html - Vendor Advisory~~	(CONFIRM) http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html - Release Notes, Vendor Advisory
References	~~(DEBIAN) http://www.debian.org/security/2014/dsa-2883 -~~	(DEBIAN) http://www.debian.org/security/2014/dsa-2883 - Third Party Advisory
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html -~~	(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html - Broken Link
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html - Broken Link
CPE	cpe:2.3:a:google:chrome:33.0.1750.30:::::::* cpe:2.3:a:google:chrome:33.0.1750.40:::::::* cpe:2.3:a:google:chrome:33.0.1750.73:::::::* cpe:2.3:a:google:chrome:33.0.1750.68:::::::* cpe:2.3:a:google:chrome:33.0.1750.52:::::::* cpe:2.3:a:google:chrome:33.0.1750.93:::::::* cpe:2.3:a:google:chrome:33.0.1750.41:::::::* cpe:2.3:a:google:chrome:33.0.1750.79:::::::* cpe:2.3:a:google:chrome:33.0.1750.43:::::::* cpe:2.3:a:google:chrome:33.0.1750.89:::::::* cpe:2.3:a:google:chrome:33.0.1750.112:::::::* cpe:2.3:a:google:chrome:33.0.1750.47:::::::* cpe:2.3:a:google:chrome:33.0.1750.59:::::::* cpe:2.3:a:google:chrome:33.0.1750.11:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:a:google:chrome:33.0.1750.25:::::::* cpe:2.3:a:google:chrome:33.0.1750.81:::::::* cpe:2.3:a:google:chrome:33.0.1750.28:::::::* cpe:2.3:a:google:chrome:33.0.1750.2:::::::* cpe:2.3:a:google:chrome:33.0.1750.37:::::::* cpe:2.3:a:google:chrome:33.0.1750.7:::::::* cpe:2.3:a:google:chrome:33.0.1750.146:::::::* cpe:2.3:a:google:chrome:33.0.1750.10:::::::* cpe:2.3:a:google:chrome:33.0.1750.151:::::::* cpe:2.3:a:google:chrome:33.0.1750.92:::::::* cpe:2.3:a:google:chrome:33.0.1750.107:::::::* cpe:2.3:a:google:chrome:33.0.1750.83:::::::* cpe:2.3:a:google:chrome:33.0.1750.19:::::::* cpe:2.3:a:google:chrome:33.0.1750.26:::::::* cpe:2.3:a:google:chrome:33.0.1750.126:::::::* cpe:2.3:a:google:chrome:33.0.1750.4:::::::* cpe:2.3:a:google:chrome:33.0.1750.20:::::::* cpe:2.3:a:google:chrome:33.0.1750.75:::::::* cpe:2.3:a:google:chrome:33.0.1750.152:::::::* cpe:2.3:a:google:chrome:33.0.1750.80:::::::* cpe:2.3:a:google:chrome:33.0.1750.124:::::::* cpe:2.3:a:google:chrome:33.0.1750.74:::::::* cpe:2.3:a:google:chrome:33.0.1750.111:::::::* cpe:2.3:a:google:chrome:33.0.1750.27:::::::* cpe:2.3:a:google:chrome:33.0.1750.85:::::::* cpe:2.3:a:google:chrome:33.0.1750.113:::::::* cpe:2.3:a:google:chrome:33.0.1750.35:::::::* cpe:2.3:a:google:chrome:33.0.1750.54:::::::* cpe:2.3:a:google:chrome:33.0.1750.56:::::::* cpe:2.3:a:google:chrome:33.0.1750.144:::::::* cpe:2.3:a:google:chrome:33.0.1750.22:::::::* cpe:2.3:a:google:chrome:33.0.1750.6:::::::* cpe:2.3:a:google:chrome:33.0.1750.61:::::::* cpe:2.3:a:google:chrome:33.0.1750.88:::::::* cpe:2.3:a:google:chrome:33.0.1750.76:::::::* cpe:2.3:a:google:chrome:33.0.1750.15:::::::* cpe:2.3:a:google:chrome:33.0.1750.63:::::::* cpe:2.3:a:google:chrome:33.0.1750.12:::::::* cpe:2.3:a:google:chrome:33.0.1750.53:::::::* cpe:2.3:a:google:chrome:33.0.1750.46:::::::* cpe:2.3:a:google:chrome:33.0.1750.3:::::::* cpe:2.3:a:google:chrome:33.0.1750.110:::::::* cpe:2.3:a:google:chrome:33.0.1750.125:::::::* cpe:2.3:a:google:chrome:33.0.1750.34:::::::* cpe:2.3:a:google:chrome:33.0.1750.67:::::::* cpe:2.3:a:google:chrome:33.0.1750.116:::::::* cpe:2.3:a:google:chrome:33.0.1750.135:::::::* cpe:2.3:a:google:chrome:33.0.1750.133:::::::* cpe:2.3:a:google:chrome:33.0.1750.18:::::::* cpe:2.3:a:google:chrome:33.0.1750.9:::::::* cpe:2.3:a:google:chrome:33.0.1750.50:::::::* cpe:2.3:a:google:chrome:33.0.1750.5:::::::* cpe:2.3:a:google:chrome:33.0.1750.49:::::::* cpe:2.3:a:google:chrome:33.0.1750.55:::::::* cpe:2.3:a:google:chrome:33.0.1750.65:::::::* cpe:2.3:a:google:chrome:33.0.1750.132:::::::* cpe:2.3:a:google:chrome:33.0.1750.13:::::::* cpe:2.3:a:google:chrome:33.0.1750.36:::::::* cpe:2.3:a:google:chrome:33.0.1750.106:::::::* cpe:2.3:a:google:chrome:33.0.1750.8:::::::* cpe:2.3:a:google:chrome:33.0.1750.23:::::::* cpe:2.3:a:google:chrome:33.0.1750.58:::::::* cpe:2.3:a:google:chrome:33.0.1750.16:::::::* cpe:2.3:a:google:chrome:33.0.1750.62:::::::* cpe:2.3:a:google:chrome:33.0.1750.38:::::::* cpe:2.3:a:google:chrome:33.0.1750.42:::::::* cpe:2.3:a:google:chrome:33.0.1750.115:::::::* cpe:2.3:a:google:chrome:33.0.1750.136:::::::* cpe:2.3:a:google:chrome:33.0.1750.45:::::::* cpe:2.3:a:google:chrome:33.0.1750.77:::::::* cpe:2.3:a:google:chrome:33.0.1750.39:::::::* cpe:2.3:a:google:chrome:33.0.1750.48:::::::* cpe:2.3:a:google:chrome:33.0.1750.31:::::::* cpe:2.3:a:google:chrome:33.0.1750.71:::::::* cpe:2.3:a:google:chrome:33.0.1750.24:::::::* cpe:2.3:a:google:chrome:33.0.1750.69:::::::* cpe:2.3:a:google:chrome:33.0.1750.91:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:a:google:chrome:33.0.1750.104:::::::* cpe:2.3:a:google:chrome:33.0.1750.57:::::::* cpe:2.3:a:google:chrome:33.0.1750.66:::::::* cpe:2.3:a:google:chrome:33.0.1750.21:::::::* cpe:2.3:a:google:chrome:33.0.1750.0:::::::* cpe:2.3:o:microsoft:windows:::::::: cpe:2.3:a:google:chrome:33.0.1750.14:::::::* cpe:2.3:a:google:chrome:33.0.1750.108:::::::* cpe:2.3:a:google:chrome:33.0.1750.60:::::::* cpe:2.3:a:google:chrome:33.0.1750.90:::::::* cpe:2.3:a:google:chrome:33.0.1750.82:::::::* cpe:2.3:a:google:chrome:33.0.1750.109:::::::* cpe:2.3:a:google:chrome:33.0.1750.117:::::::* cpe:2.3:a:google:chrome:33.0.1750.64:::::::* cpe:2.3:a:google:chrome:33.0.1750.1:::::::* cpe:2.3:a:google:chrome:33.0.1750.29:::::::* cpe:2.3:a:google:chrome:33.0.1750.44:::::::* cpe:2.3:a:google:chrome:33.0.1750.51:::::::* cpe:2.3:a:google:chrome:33.0.1750.149:::::::* cpe:2.3:a:google:chrome:33.0.1750.70:::::::*	cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:apple:mac_os_x:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::*

Information

Published : 2014-03-16 14:06

Updated : 2023-12-10 11:31

NVD link : CVE-2014-1713

Mitre link : CVE-2014-1713

CVE.ORG link : CVE-2014-1713

JSON object : View

Products Affected

apple

mac_os_x

microsoft

windows

linux

linux_kernel

google

chrome

CWE

CWE-416

Use After Free

7.5 /10