ID CVE-2013-2902
Summary Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.
References
Vulnerable Configurations
  • Google Chrome 29.0.1547.56
    cpe:2.3:a:google:chrome:29.0.1547.56
  • Google Chrome 29.0.1547.55
    cpe:2.3:a:google:chrome:29.0.1547.55
  • Google Chrome 29.0.1547.54
    cpe:2.3:a:google:chrome:29.0.1547.54
  • Google Chrome 29.0.1547.53
    cpe:2.3:a:google:chrome:29.0.1547.53
  • Google Chrome 29.0.1547.52
    cpe:2.3:a:google:chrome:29.0.1547.52
  • Google Chrome 29.0.1547.51
    cpe:2.3:a:google:chrome:29.0.1547.51
  • Google Chrome 29.0.1547.50
    cpe:2.3:a:google:chrome:29.0.1547.50
  • Google Chrome 29.0.1547.49
    cpe:2.3:a:google:chrome:29.0.1547.49
  • Google Chrome 29.0.1547.48
    cpe:2.3:a:google:chrome:29.0.1547.48
  • Google Chrome 29.0.1547.47
    cpe:2.3:a:google:chrome:29.0.1547.47
  • Google Chrome 29.0.1547.46
    cpe:2.3:a:google:chrome:29.0.1547.46
  • Google Chrome 29.0.1547.45
    cpe:2.3:a:google:chrome:29.0.1547.45
  • Google Chrome 29.0.1547.42
    cpe:2.3:a:google:chrome:29.0.1547.42
  • Google Chrome 29.0.1547.41
    cpe:2.3:a:google:chrome:29.0.1547.41
  • Google Chrome 29.0.1547.40
    cpe:2.3:a:google:chrome:29.0.1547.40
  • Google Chrome 29.0.1547.39
    cpe:2.3:a:google:chrome:29.0.1547.39
  • Google Chrome 29.0.1547.38
    cpe:2.3:a:google:chrome:29.0.1547.38
  • Google Chrome 29.0.1547.37
    cpe:2.3:a:google:chrome:29.0.1547.37
  • Google Chrome 29.0.1547.36
    cpe:2.3:a:google:chrome:29.0.1547.36
  • Google Chrome 29.0.1547.35
    cpe:2.3:a:google:chrome:29.0.1547.35
  • Google Chrome 29.0.1547.34
    cpe:2.3:a:google:chrome:29.0.1547.34
  • Google Chrome 29.0.1547.33
    cpe:2.3:a:google:chrome:29.0.1547.33
  • Google Chrome 29.0.1547.32
    cpe:2.3:a:google:chrome:29.0.1547.32
  • Google Chrome 29.0.1547.31
    cpe:2.3:a:google:chrome:29.0.1547.31
  • Google Chrome 29.0.1547.30
    cpe:2.3:a:google:chrome:29.0.1547.30
  • Google Chrome 29.0.1547.29
    cpe:2.3:a:google:chrome:29.0.1547.29
  • Google Chrome 29.0.1547.28
    cpe:2.3:a:google:chrome:29.0.1547.28
  • Google Chrome 29.0.1547.27
    cpe:2.3:a:google:chrome:29.0.1547.27
  • Google Chrome 29.0.1547.23
    cpe:2.3:a:google:chrome:29.0.1547.23
  • Google Chrome 29.0.1547.22
    cpe:2.3:a:google:chrome:29.0.1547.22
  • Google Chrome 29.0.1547.21
    cpe:2.3:a:google:chrome:29.0.1547.21
  • Google Chrome 29.0.1547.20
    cpe:2.3:a:google:chrome:29.0.1547.20
  • Google Chrome 29.0.1547.19
    cpe:2.3:a:google:chrome:29.0.1547.19
  • Google Chrome 29.0.1547.18
    cpe:2.3:a:google:chrome:29.0.1547.18
  • Google Chrome 29.0.1547.17
    cpe:2.3:a:google:chrome:29.0.1547.17
  • Google Chrome 29.0.1547.16
    cpe:2.3:a:google:chrome:29.0.1547.16
  • Google Chrome 29.0.1547.15
    cpe:2.3:a:google:chrome:29.0.1547.15
  • Google Chrome 29.0.1547.14
    cpe:2.3:a:google:chrome:29.0.1547.14
  • Google Chrome 29.0.1547.13
    cpe:2.3:a:google:chrome:29.0.1547.13
  • Google Chrome 29.0.1547.12
    cpe:2.3:a:google:chrome:29.0.1547.12
  • Google Chrome 29.0.1547.11
    cpe:2.3:a:google:chrome:29.0.1547.11
  • Google Chrome 29.0.1547.10
    cpe:2.3:a:google:chrome:29.0.1547.10
  • Google Chrome 29.0.1547.9
    cpe:2.3:a:google:chrome:29.0.1547.9
  • Google Chrome 29.0.1547.8
    cpe:2.3:a:google:chrome:29.0.1547.8
  • Google Chrome 29.0.1547.7
    cpe:2.3:a:google:chrome:29.0.1547.7
  • Google Chrome 29.0.1547.5
    cpe:2.3:a:google:chrome:29.0.1547.5
  • Google Chrome 29.0.1547.4
    cpe:2.3:a:google:chrome:29.0.1547.4
  • Google Chrome 29.0.1547.3
    cpe:2.3:a:google:chrome:29.0.1547.3
  • Google Chrome 29.0.1547.2
    cpe:2.3:a:google:chrome:29.0.1547.2
  • Google Chrome 29.0.1547.1
    cpe:2.3:a:google:chrome:29.0.1547.1
  • Google Chrome 29.0.1547.0
    cpe:2.3:a:google:chrome:29.0.1547.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 7.5 (as of 18-10-2016 - 07:52)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2741.NASL
    description Several vulnerabilities have been discovered in the Chromium web browser.
      - CVE-2013-2887 The chrome 29 development team found various issues from internal fuzzing, audits, and other studies.
      - CVE-2013-2900 Krystian Bigaj discovered a file handling path sanitization issue.
      - CVE-2013-2901 Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer.
      - CVE-2013-2902 cloudfuzzer discovered a use-after-free issue in XSLT.
      - CVE-2013-2903 cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.
      - CVE-2013-2904 cloudfuzzer discovered a use-after-free issue in XML document parsing.
      - CVE-2013-2905 Christian Jaeger discovered an information leak due to insufficient file permissions.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69470
    published 2013-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69470
    title Debian DSA-2741-1 : chromium-browser - several vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_29_0_1547_57.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 29.0.1547.57. It is, therefore, affected by multiple vulnerabilities:
      - Various unspecified errors exist. No further details have been provided. (CVE-2013-2887)
      - An input validation error exists related to incomplete paths and file handling. (CVE-2013-2900)
      - An integer overflow error exists related to 'ANGLE'. (CVE-2013-2901)
      - Use-after-free errors exist related to 'XSLT', the 'media' element and document parsing. (CVE-2013-2902, CVE-2013-2903, CVE-2013-2904)
      - An error exists related to shared memory files that could lead to the disclosure of sensitive information. (CVE-2013-2905)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70891
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70891
    title Google Chrome < 29.0.1547.57 Multiple Vulnerabilities (Mac OS X)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
      Impact: A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
  • NASL family Windows
    NASL id GOOGLE_CHROME_29_0_1547_57.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 29.0.1547.57. It is, therefore, affected by multiple vulnerabilities:
      - Various unspecified errors exist. No further details have been provided. (CVE-2013-2887)
      - An input validation error exists related to incomplete paths and file handling. (CVE-2013-2900)
      - An integer overflow error exists related to 'ANGLE'. (CVE-2013-2901)
      - Use-after-free errors exist related to 'XSLT', the 'media' element and document parsing. (CVE-2013-2902, CVE-2013-2903, CVE-2013-2904)
      - An error exists related to shared memory files that could lead to the disclosure of sensitive information. (CVE-2013-2905)
      - An error exists related to HTTP Cookie headers and validation that could allow denial of service attacks. (CVE-2013-6166)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69423
    published 2013-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69423
    title Google Chrome < 29.0.1547.57 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_AE651A4B0A4211E3BA5200262D5ED8EE.NASL
    description Google Chrome Releases reports: 25 security fixes in this release, including:
      - [181617] High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
      - [254159] Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
      - [257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
      - [260105] High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
      - [260156] High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
      - [260428] High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.
      - [274602] CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29).
    last seen 2019-02-21
    modified 2013-10-13
    plugin id 69437
    published 2013-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69437
    title FreeBSD : chromium -- multiple vulnerabilities (ae651a4b-0a42-11e3-ba52-00262d5ed8ee)
oval via4
accepted 2013-09-30T04:01:03.800-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.
family windows
id oval:org.mitre.oval:def:18313
status accepted
submitted 2013-08-21T14:36:01.598-04:00
title Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.
version 40
refmap via4
confirm
debian DSA-2741
Last major update 18-10-2016 - 13:14
Published 21-08-2013 - 08:17
Last modified 18-09-2017 - 21:36