CVE-2014-1736 - Vulnerability Details - OpenCVE

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Google	Chrome
Linux	Linux Kernel
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://secunia.com/advisories/58301
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=359802
https://code.google.com/p/v8/source/detail?r=20519
https://code.google.com/p/v8/source/detail?r=20525
https://nvd.nist.gov/vuln/detail/CVE-2014-1736
https://www.cve.org/CVERecord?id=CVE-2014-1736

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2014-05-06T10:00:00

Updated: 2024-08-06T09:50:10.992Z

Reserved: 2014-01-29T00:00:00

Link: CVE-2014-1736

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-05-06T10:44:05.737

Modified: 2024-11-21T02:04:55.857

Link: CVE-2014-1736

Redhat

Severity : Moderate

Publid Date: 2014-04-24T00:00:00Z

Links: CVE-2014-1736 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-21T13:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/v8/source/detail?r=20519"}, {"name": "58301", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58301"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"}, {"name": "DSA-2920", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2920"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=359802"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/v8/source/detail?r=20525"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-1736", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/v8/source/detail?r=20519", "refsource": "CONFIRM", "url": "https://code.google.com/p/v8/source/detail?r=20519"}, {"name": "58301", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58301"}, {"name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"}, {"name": "DSA-2920", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2920"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=359802", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=359802"}, {"name": "https://code.google.com/p/v8/source/detail?r=20525", "refsource": "CONFIRM", "url": "https://code.google.com/p/v8/source/detail?r=20525"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:10.992Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/v8/source/detail?r=20519"}, {"name": "58301", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58301"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"}, {"name": "DSA-2920", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2920"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=359802"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/v8/source/detail?r=20525"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-1736", "datePublished": "2014-05-06T10:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2024-08-06T09:50:10.992Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "59F9F3BD-65CD-462B-A3CD-D970F48AABAB", "versionEndExcluding": "34.0.1847.131", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "682715EE-1BA1-4A6B-AEB6-B99257B38A45", "versionEndExcluding": "34.0.1847.132", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value."}, {"lang": "es", "value": "Desbordamiento de enteros en api.cc en Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anteriores 34.0.1847.132 en Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de un valor de longitud grande."}], "id": "CVE-2014-1736", "lastModified": "2024-11-21T02:04:55.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-06T10:44:05.737", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/58301"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2014/dsa-2920"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=359802"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/v8/source/detail?r=20519"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/v8/source/detail?r=20525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2920"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=359802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/v8/source/detail?r=20519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/v8/source/detail?r=20525"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "v8: integer overflow can lead to a remote denial of service", "id": "1094858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094858"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-190", "details": ["Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value."], "name": "CVE-2014-1736", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "ruby193-v8", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Not affected", "package_name": "ruby193-v8", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "v8", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Not affected", "package_name": "ruby193-v8", "product_name": "Red Hat OpenStack Platform 3"}, {"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Not affected", "package_name": "v8", "product_name": "Red Hat OpenStack Platform 3"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Not affected", "package_name": "ruby193-v8", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Not affected", "package_name": "v8", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "v8", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "v8314-v8", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "ruby193-v8", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "v8", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2014-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1736\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1736"], "threat_severity": "Moderate"}