CVE-2013-6632 - OpenCVE

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

No data.

References

Link	Providers
http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2799
http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/
https://code.google.com/p/chromium/issues/detail?id=319117
https://code.google.com/p/chromium/issues/detail?id=319125

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-16T15:00:00

Updated: 2024-08-06T17:46:22.190Z

Reserved: 2013-11-05T00:00:00

Link: CVE-2013-6632

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-11-18T05:23:57.863

Modified: 2018-12-13T17:58:08.263

Link: CVE-2013-6632

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-04T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=319125"}, {"name": "openSUSE-SU-2014:0065", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/"}, {"name": "openSUSE-SU-2013:1776", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=319117"}, {"name": "DSA-2799", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2799"}, {"name": "openSUSE-SU-2013:1861", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"}, {"name": "openSUSE-SU-2013:1777", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6632", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/chromium/issues/detail?id=319125", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=319125"}, {"name": "openSUSE-SU-2014:0065", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"}, {"name": "http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/", "refsource": "MISC", "url": "http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/"}, {"name": "openSUSE-SU-2013:1776", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"}, {"name": "http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html"}, {"name": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=319117", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=319117"}, {"name": "DSA-2799", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2799"}, {"name": "openSUSE-SU-2013:1861", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"}, {"name": "openSUSE-SU-2013:1777", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:46:22.190Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=319125"}, {"name": "openSUSE-SU-2014:0065", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/"}, {"name": "openSUSE-SU-2013:1776", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=319117"}, {"name": "DSA-2799", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2799"}, {"name": "openSUSE-SU-2013:1861", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"}, {"name": "openSUSE-SU-2013:1777", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6632", "datePublished": "2013-11-16T15:00:00", "dateReserved": "2013-11-05T00:00:00", "dateUpdated": "2024-08-06T17:46:22.190Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D8A1B86-F316-4DF7-9194-DAC6EFF42365", "versionEndExcluding": "31.0.1650.57", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013."}, {"lang": "es", "value": "Desbordamiento de enteros Google Chrome anterior a 31.0.1650.57 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores no especificados, como se demostr\u00f3 durante una competici\u00f3n Pwn2Own Mobile en PacSec 2013."}], "id": "CVE-2013-6632", "lastModified": "2018-12-13T17:58:08.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-11-18T05:23:57.863", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2799"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://code.google.com/p/chromium/issues/detail?id=319117"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://code.google.com/p/chromium/issues/detail?id=319125"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}