Vulnerability Name: | CVE-2014-3192 (CCN-96961) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2014-10-07 | ||||||||||||||||||||||||||||||||||||
Published: | 2014-10-07 | ||||||||||||||||||||||||||||||||||||
Updated: | 2019-03-08 | ||||||||||||||||||||||||||||||||||||
Summary: | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-416 | ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2014-3192 Source: CCN Type: Google Chrome Releases Web site Stable Channel Update Source: CONFIRM Type: Vendor Advisory http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2015-01-27-1 Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2015-01-27-2 Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2015-01-27-3 Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2015-06-30-6 Source: CCN Type: RHSA-2014-1626 Critical: chromium-browser security update Source: REDHAT Type: Third Party Advisory RHSA-2014:1626 Source: CCN Type: Apple Web site About the security content of Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Source: CONFIRM Type: Third Party Advisory http://support.apple.com/HT204243 Source: CONFIRM Type: Third Party Advisory http://support.apple.com/HT204245 Source: CONFIRM Type: Third Party Advisory http://support.apple.com/HT204246 Source: BID Type: UNKNOWN 70273 Source: CCN Type: BID-70273 Google Chrome Prior to 38.0.2125.101 Multiple Security Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1031647 Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://crbug.com/403276 Source: XF Type: UNKNOWN google-chrome-cve20143192-code-exec(96961) Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://src.chromium.org/viewvc/blink?revision=182309&view=revision Source: CONFIRM Type: Third Party Advisory https://support.apple.com/kb/HT204949 | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |