Vulnerability Details : CVE-2013-6659
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.
Products affected by CVE-2013-6659
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6659
- 0.13%: probability of exploitation activity in the next 30 days
- ~ 47%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6659
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
CWE ids for CVE-2013-6659
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6659
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
  openSUSE-SU-2014:0327-1: moderate: chromium: update to 33.0.1750.117 sec
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- http://www.debian.org/security/2014/dsa-2883
  Debian -- Security Information -- DSA-2883-1 chromium-browser
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
  [chrome] Revision 229611 (Patch)