CVE-2014-1731

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-1731
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://support.apple.com/kb/HT6254
http://www.debian.org/security/2014/dsa-2920
http://www.securityfocus.com/bid/67572
https://code.google.com/p/chromium/issues/detail?id=349903
https://src.chromium.org/viewvc/blink?revision=171216&view=revision
https://support.apple.com/kb/HT6537
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

07 Nov 2023, 02:19

Type Values Removed Values Added
References (CONFIRM) http://support.apple.com/kb/HT6254 - Third Party Advisory () http://support.apple.com/kb/HT6254 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - Broken Link () http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -
References (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html -
References (CONFIRM) https://support.apple.com/kb/HT6537 - Third Party Advisory () https://support.apple.com/kb/HT6537 -
References (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html -
References (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html -
References (GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-201408-16.xml -
References (SECUNIA) http://secunia.com/advisories/60372 - Broken Link () http://secunia.com/advisories/60372 -
References (DEBIAN) http://www.debian.org/security/2014/dsa-2920 - Third Party Advisory () http://www.debian.org/security/2014/dsa-2920 -
References (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=349903 - Exploit, Issue Tracking, Mailing List, Vendor Advisory () https://code.google.com/p/chromium/issues/detail?id=349903 -
References (SECUNIA) http://secunia.com/advisories/58301 - Broken Link, Vendor Advisory () http://secunia.com/advisories/58301 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - Broken Link () http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -
References (CONFIRM) https://src.chromium.org/viewvc/blink?revision=171216&view=revision - Mailing List, Vendor Advisory () https://src.chromium.org/viewvc/blink?revision=171216&view=revision -
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Release Notes, Vendor Advisory () http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html -
References (BID) http://www.securityfocus.com/bid/67572 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/67572 -

10 Nov 2022, 17:58

Type Values Removed Values Added
CPE cpe:2.3:a:google:chrome:34.0.1847.104:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.118:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.79:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.94:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.61:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.83:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.81:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.100:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.48:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.91:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.80:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.111:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.69:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.65:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.77:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.72:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.120:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.130:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.71:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.86:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.85:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.73:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.98:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.114:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.68:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.113:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.99:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.97:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.102:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.67:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.109:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.82:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.116:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.66:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.78:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.103:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.38:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.92:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.75:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.87:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.101:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.76:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.74:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:34.0.1847.112:*:*:*:*:*:*:*		 cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
References (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html - (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/58301 - (SECUNIA) http://secunia.com/advisories/58301 - Broken Link, Vendor Advisory
References (CONFIRM) http://support.apple.com/kb/HT6254 - (CONFIRM) http://support.apple.com/kb/HT6254 - Third Party Advisory
References (GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/67572 - (BID) http://www.securityfocus.com/bid/67572 - Third Party Advisory, VDB Entry
References (CONFIRM) https://src.chromium.org/viewvc/blink?revision=171216&view=revision - (CONFIRM) https://src.chromium.org/viewvc/blink?revision=171216&view=revision - Mailing List, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/60372 - (SECUNIA) http://secunia.com/advisories/60372 - Broken Link
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Vendor Advisory (CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Release Notes, Vendor Advisory
References (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=349903 - (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=349903 - Exploit, Issue Tracking, Mailing List, Vendor Advisory
References (CONFIRM) https://support.apple.com/kb/HT6537 - (CONFIRM) https://support.apple.com/kb/HT6537 - Third Party Advisory
References (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html - (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html - Broken Link
References (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html - (APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - Broken Link
References (DEBIAN) http://www.debian.org/security/2014/dsa-2920 - (DEBIAN) http://www.debian.org/security/2014/dsa-2920 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - Broken Link
CWE CWE-20 CWE-843
Information

Published : 2014-04-26 10:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-1731

Mitre link : CVE-2014-1731

CVE.ORG link : CVE-2014-1731

JSON object : View

Products Affected

apple

  • mac_os_x

microsoft

  • windows

linux

  • linux_kernel

google

  • chrome
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')