Vulnerability Details : CVE-2014-3171
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.
Vulnerability category: Memory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-3171
Probability of exploitation activity in the next 30 days: 1.82%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3171
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2014-3171
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
-
http://secunia.com/advisories/60424
Sign in
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95471
Google Chrome bindings code execution CVE-2014-3171 Vulnerability Report
-
http://secunia.com/advisories/60268
Sign in
-
http://www.debian.org/security/2014/dsa-3039
Debian -- Security Information -- DSA-3039-1 chromium-browser
-
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://secunia.com/advisories/61482
Sign in
-
https://crbug.com/390928
390928 - Heap-use-after-free in v8::internal::GlobalHandles::Create - chromium - Monorail
-
https://src.chromium.org/viewvc/blink?revision=178823&view=revision
[blink] Revision 178823Patch
-
http://www.securityfocus.com/bid/69406
Google Chrome CVE-2014-3171 Use After Free Remote Code Execution Vulnerability
-
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
[security-announce] openSUSE-SU-2014:1151-1: important: chromium to 37.0
-
http://www.securitytracker.com/id/1030767
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information - SecurityTracker
Products affected by CVE-2014-3171
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.78:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.9:*:*:*:*:*:*:*