CVE-2014-1725

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-1725
The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2905
https://code.google.com/p/chromium/issues/detail?id=357332
https://src.chromium.org/viewvc/blink?revision=170264&view=revision
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
History

07 Nov 2023, 02:19

Type Values Removed Values Added
References (GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - () http://security.gentoo.org/glsa/glsa-201408-16.xml -
References (CONFIRM) https://src.chromium.org/viewvc/blink?revision=170264&view=revision - () https://src.chromium.org/viewvc/blink?revision=170264&view=revision -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html - () http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html -
References (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=357332 - () https://code.google.com/p/chromium/issues/detail?id=357332 -
References (DEBIAN) http://www.debian.org/security/2014/dsa-2905 - () http://www.debian.org/security/2014/dsa-2905 -
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html -
Information

Published : 2014-04-09 10:57

Updated : 2024-02-28 12:20

NVD link : CVE-2014-1725

Mitre link : CVE-2014-1725

CVE.ORG link : CVE-2014-1725

JSON object : View

Products Affected

google

  • chrome
CWE
CWE-20

Improper Input Validation