CVE-2014-1731

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://support.apple.com/kb/HT6254
http://www.debian.org/security/2014/dsa-2920
http://www.securityfocus.com/bid/67572
https://code.google.com/p/chromium/issues/detail?id=349903
https://src.chromium.org/viewvc/blink?revision=171216&view=revision
https://support.apple.com/kb/HT6537
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://support.apple.com/kb/HT6254
http://www.debian.org/security/2014/dsa-2920
http://www.securityfocus.com/bid/67572
https://code.google.com/p/chromium/issues/detail?id=349903
https://src.chromium.org/viewvc/blink?revision=171216&view=revision
https://support.apple.com/kb/HT6537

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

10 Nov 2022, 17:58

Information

Published : 2014-04-26 10:55

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1731

Mitre link : CVE-2014-1731

CVE.ORG link : CVE-2014-1731

JSON object : View

Products Affected

google

chrome

microsoft

windows

linux

linux_kernel

apple

mac_os_x

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-843
CPE	cpe:2.3:a:google:chrome:34.0.1847.50:::::::* cpe:2.3:a:google:chrome:34.0.1847.94:::::::* cpe:2.3:a:google:chrome:34.0.1847.65:::::::* cpe:2.3:a:google:chrome:34.0.1847.8:::::::* cpe:2.3:a:google:chrome:34.0.1847.75:::::::* cpe:2.3:a:google:chrome:34.0.1847.73:::::::* cpe:2.3:a:google:chrome:34.0.1847.91:::::::* cpe:2.3:a:google:chrome:34.0.1847.63:::::::* cpe:2.3:a:google:chrome:34.0.1847.9:::::::* cpe:2.3:a:google:chrome:34.0.1847.6:::::::* cpe:2.3:a:google:chrome:34.0.1847.80:::::::* cpe:2.3:a:google:chrome:34.0.1847.98:::::::* cpe:2.3:a:google:chrome:34.0.1847.52:::::::* cpe:2.3:a:google:chrome:34.0.1847.37:::::::* cpe:2.3:a:google:chrome:34.0.1847.64:::::::* cpe:2.3:a:google:chrome:34.0.1847.72:::::::* cpe:2.3:a:google:chrome:34.0.1847.71:::::::* cpe:2.3:a:google:chrome:34.0.1847.5:::::::* cpe:2.3:a:google:chrome:34.0.1847.39:::::::* cpe:2.3:a:google:chrome:34.0.1847.58:::::::* cpe:2.3:a:google:chrome:34.0.1847.82:::::::* cpe:2.3:a:google:chrome:34.0.1847.54:::::::* cpe:2.3:a:google:chrome:34.0.1847.85:::::::* cpe:2.3:a:google:chrome:34.0.1847.12:::::::* cpe:2.3:a:google:chrome:34.0.1847.115:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:a:google:chrome:34.0.1847.69:::::::* cpe:2.3:a:google:chrome:34.0.1847.57:::::::* cpe:2.3:a:google:chrome:34.0.1847.60:::::::* cpe:2.3:a:google:chrome:34.0.1847.103:::::::* cpe:2.3:a:google:chrome:34.0.1847.67:::::::* cpe:2.3:a:google:chrome:34.0.1847.104:::::::* cpe:2.3:a:google:chrome:34.0.1847.101:::::::* cpe:2.3:a:google:chrome:34.0.1847.113:::::::* cpe:2.3:a:google:chrome:34.0.1847.116:::::::* cpe:2.3:a:google:chrome:34.0.1847.1:::::::* cpe:2.3:a:google:chrome:34.0.1847.112:::::::* cpe:2.3:a:google:chrome:34.0.1847.4:::::::* cpe:2.3:a:google:chrome:34.0.1847.109:::::::* cpe:2.3:a:google:chrome:34.0.1847.130:::::::* cpe:2.3:a:google:chrome:34.0.1847.102:::::::* cpe:2.3:a:google:chrome:34.0.1847.68:::::::* cpe:2.3:a:google:chrome:34.0.1847.114:::::::* cpe:2.3:a:google:chrome:34.0.1847.83:::::::* cpe:2.3:a:google:chrome:34.0.1847.44:::::::* cpe:2.3:a:google:chrome:34.0.1847.23:::::::* cpe:2.3:a:google:chrome:34.0.1847.86:::::::* cpe:2.3:a:google:chrome:34.0.1847.55:::::::* cpe:2.3:a:google:chrome:34.0.1847.92:::::::* cpe:2.3:a:google:chrome:34.0.1847.77:::::::* cpe:2.3:a:google:chrome:34.0.1847.59:::::::* cpe:2.3:a:google:chrome:34.0.1847.51:::::::* cpe:2.3:a:google:chrome:34.0.1847.10:::::::* cpe:2.3:a:google:chrome:34.0.1847.53:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:a:google:chrome:34.0.1847.120:::::::* cpe:2.3:a:google:chrome:34.0.1847.78:::::::* cpe:2.3:a:google:chrome:34.0.1847.3:::::::* cpe:2.3:a:google:chrome:34.0.1847.42:::::::* cpe:2.3:a:google:chrome:34.0.1847.97:::::::* cpe:2.3:a:google:chrome:34.0.1847.7:::::::* cpe:2.3:a:google:chrome:34.0.1847.47:::::::* cpe:2.3:a:google:chrome:34.0.1847.66:::::::* cpe:2.3:a:google:chrome:34.0.1847.61:::::::* cpe:2.3:a:google:chrome:34.0.1847.14:::::::* cpe:2.3:a:google:chrome:34.0.1847.56:::::::* cpe:2.3:a:google:chrome:34.0.1847.49:::::::* cpe:2.3:a:google:chrome:34.0.1847.81:::::::* cpe:2.3:a:google:chrome:34.0.1847.43:::::::* cpe:2.3:a:google:chrome:34.0.1847.24:::::::* cpe:2.3:a:google:chrome:34.0.1847.87:::::::* cpe:2.3:o:microsoft:windows:::::::: cpe:2.3:a:google:chrome:34.0.1847.36:::::::* cpe:2.3:a:google:chrome:34.0.1847.118:::::::* cpe:2.3:a:google:chrome:34.0.1847.48:::::::* cpe:2.3:a:google:chrome:34.0.1847.46:::::::* cpe:2.3:a:google:chrome:34.0.1847.62:::::::* cpe:2.3:a:google:chrome:34.0.1847.99:::::::* cpe:2.3:a:google:chrome:34.0.1847.45:::::::* cpe:2.3:a:google:chrome:34.0.1847.25:::::::* cpe:2.3:a:google:chrome:34.0.1847.100:::::::* cpe:2.3:a:google:chrome:34.0.1847.74:::::::* cpe:2.3:a:google:chrome:34.0.1847.38:::::::* cpe:2.3:a:google:chrome:34.0.1847.79:::::::* cpe:2.3:a:google:chrome:34.0.1847.41:::::::* cpe:2.3:a:google:chrome:34.0.1847.2:::::::* cpe:2.3:a:google:chrome:34.0.1847.111:::::::* cpe:2.3:a:google:chrome:34.0.1847.76:::::::* cpe:2.3:a:google:chrome:34.0.1847.15:::::::*	cpe:2.3:o:apple:mac_os_x:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::*
References	~~(CONFIRM) https://src.chromium.org/viewvc/blink?revision=171216&view=revision -~~	(CONFIRM) https://src.chromium.org/viewvc/blink?revision=171216&view=revision - Mailing List, Vendor Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/60372 -~~	(SECUNIA) http://secunia.com/advisories/60372 - Broken Link
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html -~~	(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html - Broken Link
References	~~(DEBIAN) http://www.debian.org/security/2014/dsa-2920 -~~	(DEBIAN) http://www.debian.org/security/2014/dsa-2920 - Third Party Advisory
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html -~~	(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html - Broken Link
References	~~(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html -~~	(APPLE) http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html - Broken Link
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml -~~	(GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Vendor Advisory~~	(CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Release Notes, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/58301 -~~	(SECUNIA) http://secunia.com/advisories/58301 - Broken Link, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/67572 -~~	(BID) http://www.securityfocus.com/bid/67572 - Third Party Advisory, VDB Entry
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - Broken Link
References	~~(CONFIRM) http://support.apple.com/kb/HT6254 -~~	(CONFIRM) http://support.apple.com/kb/HT6254 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/kb/HT6537 -~~	(CONFIRM) https://support.apple.com/kb/HT6537 - Third Party Advisory
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=349903 -~~	(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=349903 - Exploit, Issue Tracking, Mailing List, Vendor Advisory

7.5 /10