CVE-2013-0895

Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
https://code.google.com/p/chromium/issues/detail?id=167840

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:14

Type	Values Removed	Values Added
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html - Broken Link, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html -
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=167840 - Exploit, Issue Tracking, Mailing List, Vendor Advisory~~	() https://code.google.com/p/chromium/issues/detail?id=167840 -

Information

Published : 2013-02-23 21:55

Updated : 2024-02-28 12:00

NVD link : CVE-2013-0895

Mitre link : CVE-2013-0895

CVE.ORG link : CVE-2013-0895

JSON object : View

Products Affected

apple

mac_os_x

linux

linux_kernel

google

chrome

microsoft

windows

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-0895", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-23T21:55:01.767", "references": [{"url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html", "source": "chrome-cve-admin@google.com"}, {"url": "https://code.google.com/p/chromium/issues/detail?id=167840", "source": "chrome-cve-admin@google.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors."}, {"lang": "es", "value": "Google Chrome antes de v25.0.1364.97 para Linux, y antes de v25.0.1364.99 para Mac OS X, no maneja correctamente las rutas durante la operaciones de copia, lo que podr\u00eda hacer que sea m\u00e1s f\u00e1cil para los atacantes remotos ejecutar programas arbitrarios a trav\u00e9s de vectores sin especificar."}], "lastModified": "2023-11-07T02:14:19.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0107C81D-3DF7-48EB-9907-A69D933C1A55", "versionEndExcluding": "25.0.1364.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4443B52-0815-45EB-A1F8-BF045F0ED921", "versionEndExcluding": "25.0.1364.99"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "chrome-cve-admin@google.com"}