Lucene search

[email protected]CVE-2014-1733

HistoryApr 26, 2014 - 10:55 a.m.

CVE-2014-1733

2014-04-2610:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-1733

pointercompare function

codegen.cc

seccomp-bpf

sandbox restrictions

google chrome

remote attackers

nvd

6.1 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.

CPENameOperatorVersion
google:chromegoogle chromelt34.0.1847.131
google:chromegoogle chromelt34.0.1847.132

CPE	Name	Operator	Version
google:chrome	google chrome	lt	34.0.1847.131
google:chrome	google chrome	lt	34.0.1847.132

References

googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

lists.opensuse.org/opensuse-updates/2014-05/msg00049.html

lists.opensuse.org/opensuse-updates/2014-05/msg00050.html

secunia.com/advisories/58301

security.gentoo.org/glsa/glsa-201408-16.xml

www.debian.org/security/2014/dsa-2920

code.google.com/p/chromium/issues/detail?id=351103

src.chromium.org/viewvc/chrome?revision=260157&view=revision

6.1 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2014-1733

ubuntucve1 prion1 debiancve1 nessus10 debian2 osv1 openvas7 chrome1 freebsd1 securityvulns2 mageia1 gentoo1