CVE-2014-1730

{"id": "CVE-2014-1730", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-26T10:55:05.433", "references": [{"url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://secunia.com/advisories/58301", "source": "chrome-cve-admin@google.com"}, {"url": "http://secunia.com/advisories/60372", "source": "chrome-cve-admin@google.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml", "source": "chrome-cve-admin@google.com"}, {"url": "http://www.debian.org/security/2014/dsa-2920", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/chromium/issues/detail?id=354967", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/v8/source/detail?r=20375", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/v8/source/detail?r=20377", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/v8/source/detail?r=20388", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/v8/source/detail?r=20593", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/v8/source/detail?r=20595", "source": "chrome-cve-admin@google.com"}, {"url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/58301", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/60372", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2014/dsa-2920", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.google.com/p/chromium/issues/detail?id=354967", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.google.com/p/v8/source/detail?r=20375", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.google.com/p/v8/source/detail?r=20377", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.google.com/p/v8/source/detail?r=20388", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.google.com/p/v8/source/detail?r=20593", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.google.com/p/v8/source/detail?r=20595", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging \"type confusion\" and reading property values, related to i18n.js and runtime.cc."}, {"lang": "es", "value": "Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux, no almacena debidamente metadatos de internacionalizaci\u00f3n, lo que permite a atacantes remotos evadir restricciones de acceso mediante el aprovechamiento de \"confusi\u00f3n de tipo\" y la lectura de valores de propiedad, relacionado con i18n.js y runtime.cc."}], "lastModified": "2024-11-21T02:04:55.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59F9F3BD-65CD-462B-A3CD-D970F48AABAB", "versionEndExcluding": "34.0.1847.131"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "682715EE-1BA1-4A6B-AEB6-B99257B38A45", "versionEndExcluding": "34.0.1847.132"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "chrome-cve-admin@google.com"}