Vulnerability Details : CVE-2014-1725
The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-1725
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1725
1.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1725
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-1725
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1725
-
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
openSUSE-SU-2014:0601-1: moderate: update for chromium
-
https://code.google.com/p/chromium/issues/detail?id=357332
Inloggen - Google Accounts
-
https://src.chromium.org/viewvc/blink?revision=170264&view=revision
[blink] Revision 170264
-
http://www.debian.org/security/2014/dsa-2905
Debian -- Security Information -- DSA-2905-1 chromium-browser
Jump to