CVE-2013-2927

EUVD-2013-2866
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
opensuseopensuse
12.2
opensuseopensuse
12.3
opensuseopensuse
13.1
googlechrome
𝑥
≤ 30.0.1599.100
googlechrome
30.0.1599.0
googlechrome
30.0.1599.1
googlechrome
30.0.1599.2
googlechrome
30.0.1599.4
googlechrome
30.0.1599.5
googlechrome
30.0.1599.6
googlechrome
30.0.1599.7
googlechrome
30.0.1599.8
googlechrome
30.0.1599.9
googlechrome
30.0.1599.10
googlechrome
30.0.1599.11
googlechrome
30.0.1599.12
googlechrome
30.0.1599.13
googlechrome
30.0.1599.14
googlechrome
30.0.1599.15
googlechrome
30.0.1599.16
googlechrome
30.0.1599.17
googlechrome
30.0.1599.18
googlechrome
30.0.1599.19
googlechrome
30.0.1599.20
googlechrome
30.0.1599.21
googlechrome
30.0.1599.22
googlechrome
30.0.1599.23
googlechrome
30.0.1599.24
googlechrome
30.0.1599.25
googlechrome
30.0.1599.26
googlechrome
30.0.1599.27
googlechrome
30.0.1599.28
googlechrome
30.0.1599.29
googlechrome
30.0.1599.30
googlechrome
30.0.1599.31
googlechrome
30.0.1599.32
googlechrome
30.0.1599.33
googlechrome
30.0.1599.34
googlechrome
30.0.1599.35
googlechrome
30.0.1599.36
googlechrome
30.0.1599.37
googlechrome
30.0.1599.38
googlechrome
30.0.1599.39
googlechrome
30.0.1599.40
googlechrome
30.0.1599.41
googlechrome
30.0.1599.42
googlechrome
30.0.1599.43
googlechrome
30.0.1599.44
googlechrome
30.0.1599.47
googlechrome
30.0.1599.48
googlechrome
30.0.1599.49
googlechrome
30.0.1599.50
googlechrome
30.0.1599.51
googlechrome
30.0.1599.52
googlechrome
30.0.1599.53
googlechrome
30.0.1599.56
googlechrome
30.0.1599.57
googlechrome
30.0.1599.58
googlechrome
30.0.1599.59
googlechrome
30.0.1599.60
googlechrome
30.0.1599.61
googlechrome
30.0.1599.64
googlechrome
30.0.1599.65
googlechrome
30.0.1599.66
googlechrome
30.0.1599.67
googlechrome
30.0.1599.68
googlechrome
30.0.1599.69
googlechrome
30.0.1599.79
googlechrome
30.0.1599.80
googlechrome
30.0.1599.81
googlechrome
30.0.1599.82
googlechrome
30.0.1599.84
googlechrome
30.0.1599.85
googlechrome
30.0.1599.86
googlechrome
30.0.1599.87
googlechrome
30.0.1599.88
googlechrome
30.0.1599.90
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 30.0.1599.114-0ubuntu0.12.04.3
released
quantal
Fixed 30.0.1599.114-0ubuntu0.12.10.2
released
raring
Fixed 30.0.1599.114-0ubuntu0.13.04.2
released
saucy
Fixed 30.0.1599.114-0ubuntu0.13.10.2
released
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://support.apple.com/kb/HT6254
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=297478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155
https://src.chromium.org/viewvc/blink?revision=158428&view=revision
https://support.apple.com/kb/HT6537
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://support.apple.com/kb/HT6254
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=297478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155
https://src.chromium.org/viewvc/blink?revision=158428&view=revision
https://support.apple.com/kb/HT6537