CVE-2013-2925

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.

References

http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

http://www.debian.org/security/2013/dsa-2785

https://code.google.com/p/chromium/issues/detail?id=292422

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866

https://src.chromium.org/viewvc/blink?revision=158146&view=revision

Details

Source: MITRE

Published: 2013-10-16

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:30.0.1599.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.84:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.88:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.90:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 30.0.1599.100 (inclusive)

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
75366openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)NessusSuSE Local Security Checks
critical
75225openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)NessusSuSE Local Security Checks
critical
75212openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)NessusSuSE Local Security Checks
critical
75205openSUSE Security Update : chromium (openSUSE-SU-2013:1729-1)NessusSuSE Local Security Checks
high
72851GLSA-201403-01 : Chromium, V8: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
70892Google Chrome < 30.0.1599.101 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
8047Google Chrome < 30.0.1599.101 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
801610Google Chrome < 30.0.1599.101 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
medium
70636Debian DSA-2785-1 : chromium-browser - several vulnerabilitiesNessusDebian Local Security Checks
high
70494Google Chrome < 30.0.1599.101 Multiple VulnerabilitiesNessusWindows
high
70449FreeBSD : chromium -- multiple vulnerabilities (710cd5d5-35cb-11e3-85f9-00262d5ed8ee)NessusFreeBSD Local Security Checks
high