CVE-2014-3190

2014-10-0810:55:06

CWE-416

[email protected]

web.nvd.nist.gov

cve-2014-3190

vulnerability

denial of service

application crash

remote attackers

javascript

blink

google chrome

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object.

CPE configuration

NVD

googlechromeRange≤38.0.2125.7

CPENameOperatorVersion
google:chromegoogle chromele38.0.2125.7
redhat:enterprise_linux_desktop_supplementaryredhat enterprise linux desktop supplementaryeq6.0
redhat:enterprise_linux_server_supplementaryredhat enterprise linux server supplementaryeq6.0
redhat:enterprise_linux_server_supplementary_eusredhat enterprise linux server supplementary euseq6.6.z
redhat:enterprise_linux_workstation_supplementaryredhat enterprise linux workstation supplementaryeq6.0

CPE	Name	Operator	Version
google:chrome	google chrome	le	38.0.2125.7
redhat:enterprise_linux_desktop_supplementary	redhat enterprise linux desktop supplementary	eq	6.0
redhat:enterprise_linux_server_supplementary	redhat enterprise linux server supplementary	eq	6.0
redhat:enterprise_linux_server_supplementary_eus	redhat enterprise linux server supplementary eus	eq	6.6.z
redhat:enterprise_linux_workstation_supplementary	redhat enterprise linux workstation supplementary	eq	6.0