CVE-2013-2902
Vulnerability from cvelistv5
Published
2013-08-21 10:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://src.chromium.org/viewvc/blink?revision=155043\u0026view=revision"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://crbug.com/260105"
},
{
"name": "oval:org.mitre.oval:def:18313",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18313"
},
{
"name": "DSA-2741",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://src.chromium.org/viewvc/blink?revision=155043\u0026view=revision"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://crbug.com/260105"
},
{
"name": "oval:org.mitre.oval:def:18313",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18313"
},
{
"name": "DSA-2741",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://src.chromium.org/viewvc/blink?revision=155043\u0026view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=155043\u0026view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"
},
{
"name": "http://crbug.com/260105",
"refsource": "CONFIRM",
"url": "http://crbug.com/260105"
},
{
"name": "oval:org.mitre.oval:def:18313",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18313"
},
{
"name": "DSA-2741",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2013-2902",
"datePublished": "2013-08-21T10:00:00",
"dateReserved": "2013-04-11T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2013-2902\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2013-08-21T12:17:56.787\",\"lastModified\":\"2024-11-21T01:52:37.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la implementaci\u00f3n XSLT ProcessingInstruction en Blink, como es utilizado en Google Chrome anterior a v29.0.1547.57, permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente tener un impacto no especificado a trav\u00e9s de vectores relacionados con la implementaci\u00f3n de una llamada applyXSLTransform en (1) un documento HTML o (2) un elemento \\\"xsl: processing-instruction\\\" que todav\u00eda est\u00e1 en el proceso de carga.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"29.0.1547.56\",\"matchCriteriaId\":\"C5F7E1EE-34F6-4ACD-8CB2-8E1E2C697167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A205F4A9-C759-4EDE-A220-4E8254FDF710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2691B40B-0780-4273-89A2-D4A27C9F6DDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5E5187-F8DC-4ABC-8553-708863184E06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29895241-7320-4A63-9F5D-63DCDB746FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29FC1D63-65E6-4A74-9A35-DF163695B02F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE4086C4-32FF-47B9-8028-976961465485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96815460-04C1-4149-8816-7752E179982E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFBCA972-CA9A-45BF-BE23-783EAA57B77E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B57105-A7FD-4C2D-AFA8-852372E18588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA34F38-99D6-475E-8E2B-FB5A8476B64E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97CA451-8E54-4E8E-A016-F0B35898AC11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4994EC6-189A-469C-93B5-A937C00417DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD3ACF2-C0FE-48DF-818B-85145B0FC1BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9636B493-5817-4FB6-9DC5-B90B00352633\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFDF5FF9-232E-4639-A9B7-3EED34473189\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0520DA-59C7-439B-B844-3E4205D5F183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E124A90-EB96-453E-A144-31B7D0837CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EC39D00-0AB3-428D-9ABC-68AD05F25C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"740A8019-FBED-4CBE-9429-8B704F6AE1F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E20C7EE2-A0F6-41A0-B253-24C44C2B4504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6969D860-2DD9-41C6-832C-9DD9E6ADB641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E7D241-B1EC-4C71-8040-21034EB307E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FCE5807-2AC0-4EAC-8254-0DE691BE1D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EAC107C-35DD-44A4-A2DC-ACB038DE0A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD6BE2CA-8D36-4D22-B647-CEB71882BDB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA6C1355-357C-496A-AD0A-07147AAB1F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E715A992-AD6C-4108-B72D-2CD8079130D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378821F6-51E8-46F6-99DA-088AE15CCA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F65387F-8F24-4F56-AE72-BE3C275738D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C43A8070-20EF-47AE-AE18-29F84E6DE46C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FA0F16-3056-4CF8-AFC9-63646C616834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C4F7F75-26DF-4A4E-BB56-2C1518B444A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C623D17-6FA1-4BF4-B97B-C28C1A4FA94B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C278FCD7-B7D0-423D-ACA8-81E748D68E86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2DB4A78-442D-4C4D-81FE-8839BA1B32F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EB94975-2E46-4B37-914F-97EB52E53ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76A5684-CCE8-4596-95BA-6E885A55F7E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"775E231C-BFE6-4590-9D51-796CA54FF4FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C091A681-60FB-470F-8D86-E0EEC23B0266\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C41C427C-CDB7-4E9B-B46A-DED3DCCA16E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"911006E1-8631-4ADB-BD1D-6574EAEC36A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"258CE5FE-41C4-4738-A39F-E1885E070D6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4134B5DA-59A5-4BE5-8613-F9CC4776A0AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFD852DE-41AE-4C9F-898C-79C0B81B2B5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6975C72C-3499-4DBA-A1D3-56C67077AA03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6CB37BA-E21E-4DD7-AC2C-17D1951AA6AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2BAB482-CACD-465D-A007-5377C6FCE784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F3581AF-6A19-42AD-ACA5-C1B8E922BE32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D85AA6D-A0B9-42F1-8F12-686256276F03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"466AC650-FE2F-427A-AB9B-3E18F5563CE4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}],\"references\":[{\"url\":\"http://crbug.com/260105\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2741\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18313\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://src.chromium.org/viewvc/blink?revision=155043\u0026view=revision\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://crbug.com/260105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://src.chromium.org/viewvc/blink?revision=155043\u0026view=revision\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.