CVE-2013-2927 | Tenable®

Login

Tenable Community & Support

Tenable University

CVE-2013-2927

MEDIUM

Description

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.

References

http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html

http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html

http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html

http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

http://support.apple.com/kb/HT6254

http://www.debian.org/security/2013/dsa-2785

https://code.google.com/p/chromium/issues/detail?id=297478

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155

https://src.chromium.org/viewvc/blink?revision=158428&view=revision

https://support.apple.com/kb/HT6537

Details

Source: MITRE

Published: 2013-10-16

Updated: 2018-10-30

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:google:chrome:30.0.1599.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.84:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.88:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:30.0.1599.90:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 30.0.1599.100 (inclusive)

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
78598	Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	critical
78597	Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
8561	iTunes < 12.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
8323	Apple TV < 6.1.2 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	critical
8322	Apple iOS 7.x < 7.1.2 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
76315	Apple iOS < 7.1.2 Multiple Vulnerabilities	Nessus	Mobile Devices	critical
75366	openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)	Nessus	SuSE Local Security Checks	critical
75225	openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)	Nessus	SuSE Local Security Checks	critical
75212	openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)	Nessus	SuSE Local Security Checks	critical
75205	openSUSE Security Update : chromium (openSUSE-SU-2013:1729-1)	Nessus	SuSE Local Security Checks	high
8264	Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
74139	Mac OS X : Apple Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
72851	GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
70892	Google Chrome < 30.0.1599.101 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
8047	Google Chrome < 30.0.1599.101 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801610	Google Chrome < 30.0.1599.101 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	medium
70636	Debian DSA-2785-1 : chromium-browser - several vulnerabilities	Nessus	Debian Local Security Checks	high
70494	Google Chrome < 30.0.1599.101 Multiple Vulnerabilities	Nessus	Windows	high
70449	FreeBSD : chromium -- multiple vulnerabilities (710cd5d5-35cb-11e3-85f9-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high