-
Notifications
You must be signed in to change notification settings - Fork 254
CVE 2013 2878
Aidan Sawyer edited this page Dec 17, 2016
·
5 revisions
||| |:----|:------|:------| |CVE_ID| | |version_broken|| |version_found|27.0.1418.0| |version_fixed|28.0.1500.71| |file/s|core/editing/TextIterator.cpp| |subsystem|Core| |code review ID||
"allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text."
Lack of out of bounds protections and input sanitization allows for remote attackers to cause denial of service attacks with bad inputs.
| type/s | DoS, Overflow |
| coding mistakes | lack of input sanitization, buffer overflow protection |
| CWE-ID | 119 |
| Exploits | No Known |
| CVSS | |
|---|---|
| Overall | 5.0 |
| Confidentiality | None |
| Integrity | None |
| Availability | Partial |
| Access Complexity | Low |
| Authentication | None |
| Gained Access | None |
| commit_id | |
| commit_date | |
| user_username | |
| user_name | |
| user_role |
| issue_id | 177197https://bugs.chromium.org/p/chromium/issues/detail?id=177197 |
| date | 2013-02-20 |
| user_username | attek...@gmail.com |
| user_name | Atte Kettunen |
| user_role | member of Oulu University Secure Programming Group (OUSPG), at least 31 issues reported since |
| metasploit | None |
| bounty | None |
| commit_id | Revision 150123 |
| commit_date | 2013-05-10 |
| user_username | cevans@chromium.org |
| user_name | Chris Evans |
| user_role | Chrome Security team - Mountainview, CA |
| method | change ASSERT -> RELEASE_ALERT |
| files changed | 1 |
| lines of code | 1 |
| bounty | [employee] |
| testing_general | Fuzzers |
| testing_specific | Fuzzer 'Inferno_twister' used by chromium devs |