Vulnerability Details : CVE-2013-6644
Potential exploit
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Vulnerability category: Denial of service
Products affected by CVE-2013-6644
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6644
0.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6644
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-6644
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6644
-
http://www.debian.org/security/2014/dsa-2862
Debian -- Security Information -- DSA-2862-1 chromium-browserThird Party Advisory
-
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html
Chrome Releases: Stable Channel UpdateRelease Notes;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=333036
333036 - Tracking bug for internal security fixes for Chrome 32, Release 0 - chromium - MonorailBroken Link;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=280352
280352 - ASSERTION FAILED: !node || node->hasTagName(HTMLNames::tdTag) || node->hasTagName(HTMLNames::thTag), UNKNOWN in WebCore::AccessibilityTable::isDataTable - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=317423
317423 - Heap-use-after-free in WebCore::RenderBlockFlow::determineStartPosition - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=316298
316298 - Security: Bad cast in ToRenderWidgetHostViewAura in web_contents_view_aura.cc - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=317485
317485 - Use-after-free from SVGMatrixTearOff - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=317097
317097 - ASSERTION FAILED: m_context->document().documentElement() != m_context, Heap-use-after-free in WebCore::SVGTransformV8Internal::angleAttributeGetterCallback - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=327729
327729 - Heap-use-after-free in WebCore::SVGPropertyTearOff<WebCore::SVGMatrix>::detachWrapper - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=313743
313743 - Heap-use-after-free in extensions::ExtensionAPI::SplitDependencyName - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=328456
328456 - ASSERTION FAILED: !m_deletionHasBegun, UNKNOWN in WebCore::FormAssociatedElement::formRemovedFromTree - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=319477
319477 - clipboard.cc issues - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=304547
304547 - Security: popups opened in fullscreen mode are opened as popunders - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=322195
322195 - Heap-use-after-free in content::WebRTCIdentityServiceHost::OnRequestIdentity - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=320344
320344 - Heap-use-after-free in WebCore::ChannelProvider::provideInput - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=318791
318791 - Security: Crash in aura::Window::NotifyWindowHierarchyChangeAtReceiver - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=269837
269837 - Heap-buffer-overflow in util::to_uint16_t - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=314402
314402 - UNKNOWN in WebCore::computeShapePaddingBounds - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=322662
322662 - Multiprofile: Screen does not lock when non-corp account is active - chromium - MonorailMailing List;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=317284
317284 - ASSERTION FAILED: width == frameRect.width(), UNKNOWN in WebCore::WEBPImageDecoder::applyPostProcessing - chromium - MonorailExploit;Mailing List;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html
[security-announce] openSUSE-SU-2014:0243-1: important: chromium to 32.0Broken Link;Mailing List;Third Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=324321
324321 - Heap-use-after-free in WebCore::Document::updateLayout - chromium - MonorailExploit;Mailing List;Vendor Advisory
Jump to