CVE-2014-1713

Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2883
https://code.google.com/p/chromium/issues/detail?id=352374
https://src.chromium.org/viewvc/blink?revision=169176&view=revision
https://support.apple.com/kb/HT6537
http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2883
https://code.google.com/p/chromium/issues/detail?id=352374
https://src.chromium.org/viewvc/blink?revision=169176&view=revision
https://support.apple.com/kb/HT6537
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html - () http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html -
References () http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html - () http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html -
References () http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html - () http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html -
References () http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html - () http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html -
References () http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html - () http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html -
References () http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html - () http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html -
References () http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html - () http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html -
References () http://security.gentoo.org/glsa/glsa-201408-16.xml - () http://security.gentoo.org/glsa/glsa-201408-16.xml -
References () http://www.debian.org/security/2014/dsa-2883 - () http://www.debian.org/security/2014/dsa-2883 -
References () https://code.google.com/p/chromium/issues/detail?id=352374 - () https://code.google.com/p/chromium/issues/detail?id=352374 -
References () https://src.chromium.org/viewvc/blink?revision=169176&view=revision - () https://src.chromium.org/viewvc/blink?revision=169176&view=revision -
References () https://support.apple.com/kb/HT6537 - () https://support.apple.com/kb/HT6537 -

Information

Published : 2014-03-16 14:06

Updated : 2025-04-12 10:46


NVD link : CVE-2014-1713

Mitre link : CVE-2014-1713

CVE.ORG link : CVE-2014-1713


JSON object : View

Products Affected

apple

  • mac_os_x

google

  • chrome

linux

  • linux_kernel

microsoft

  • windows
CWE
CWE-416

Use After Free