Vulnerability Details : CVE-2014-3155
net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.
Vulnerability category: Denial of service
Products affected by CVE-2014-3155
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.101:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.110:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.108:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.109:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.84:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.93:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.95:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.103:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.104:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.111:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.112:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.86:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.96:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.98:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.99:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.105:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.106:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.107:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.142:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.141:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.125:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.124:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.117:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.116:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.115:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.151:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.137:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.128:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.121:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.120:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.150:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.149:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.127:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.126:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.119:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.118:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.140:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.138:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.123:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.122:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.114:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.113:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3155
2.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3155
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2014-3155
-
https://src.chromium.org/viewvc/chrome?revision=268730&view=revision
[chrome] Revision 268730
-
https://src.chromium.org/viewvc/chrome?revision=269246&view=revision
[chrome] Revision 269246
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
-
http://secunia.com/advisories/59090
Sign in
-
https://code.google.com/p/chromium/issues/detail?id=369539
Inloggen - Google Accounts
-
http://secunia.com/advisories/60061
Sign in
-
http://secunia.com/advisories/58585
Sign in
-
http://www.debian.org/security/2014/dsa-2959
Debian -- Security Information -- DSA-2959-1 chromium-browser
-
http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html
Chrome Releases: Stable Channel Update
-
http://secunia.com/advisories/60372
Sign in
-
http://www.securityfocus.com/bid/67980
Google Chrome CVE-2014-3155 Out of Bounds Memory Corruption Vulnerability
-
https://src.chromium.org/viewvc/chrome?revision=267984&view=revision
[chrome] Revision 267984
Jump to