CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*

History

21 Nov 2024, 01:52

Type Values Removed Values Added
References () http://crbug.com/254159 - () http://crbug.com/254159 -
References () http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html - () http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html -
References () http://www.debian.org/security/2013/dsa-2741 - () http://www.debian.org/security/2013/dsa-2741 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17583 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17583 -
References () https://src.chromium.org/viewvc/chrome?revision=209814&view=revision - () https://src.chromium.org/viewvc/chrome?revision=209814&view=revision -

07 Nov 2023, 02:15

Type Values Removed Values Added
References (DEBIAN) http://www.debian.org/security/2013/dsa-2741 - Third Party Advisory () http://www.debian.org/security/2013/dsa-2741 -
References (CONFIRM) https://src.chromium.org/viewvc/chrome?revision=209814&view=revision - Patch, Issue Tracking () https://src.chromium.org/viewvc/chrome?revision=209814&view=revision -
References (CONFIRM) http://crbug.com/254159 - Patch, Issue Tracking () http://crbug.com/254159 -
References (CONFIRM) http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html -

Information

Published : 2013-08-21 12:17

Updated : 2024-11-21 01:52


NVD link : CVE-2013-2905

Mitre link : CVE-2013-2905

CVE.ORG link : CVE-2013-2905


JSON object : View

Products Affected

google

  • chrome

debian

  • debian_linux
CWE
CWE-264

Permissions, Privileges, and Access Controls