CVE-2014-3173

CVSS V2 Medium 5 CVSS V3 None

Description

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.

Overview

CVE ID
CVE-2014-3173

Assigner
cve-coordination@google.com

Vulnerability Status
Modified

Published Version
2014-08-27T01:55:05

Last Modified Date
2017-08-29T01:34:40

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:google:chrome::::::::	1	OR	37.0.2062.93
cpe:2.3:a:google:chrome:37.0.2062.0:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.1:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.2:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.3:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.4:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.5:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.6:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.7:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.8:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.9:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.10:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.11:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.12:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.13:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.14:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.15:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.16:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.17:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.18:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.19:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.20:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.21:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.22:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.23:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.24:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.25:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.26:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.27:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.28:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.29:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.30:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.31:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.32:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.33:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.34:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.35:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.36:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.37:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.39:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.43:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.44:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.45:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.46:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.47:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.48:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.49:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.50:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.51:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.52:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.53:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.54:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.55:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.56:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.57:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.58:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.59:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.60:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.61:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.62:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.63:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.64:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.65:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.66:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.67:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.68:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.69:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.70:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.71:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.72:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.73:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.74:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.75:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.76:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.77:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.78:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.80:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.81:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.89:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.90:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.91:::::::*	1	OR
cpe:2.3:a:google:chrome:37.0.2062.92:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

References

Reference URL	Reference Tags
https://src.chromium.org/viewvc/chrome?revision=275338&view=revision	Patch
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html	Vendor Advisory
https://crbug.com/376951
http://www.securitytracker.com/id/1030767
http://www.debian.org/security/2014/dsa-3039
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
http://www.securityfocus.com/bid/69403
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://secunia.com/advisories/61482
http://secunia.com/advisories/60424
http://secunia.com/advisories/60268
https://exchange.xforce.ibmcloud.com/vulnerabilities/95473

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2014-3173
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3173

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 08:43:15				Added to TrackCVE
2022-12-02 00:23:35	security@google.com	cve-coordination@google.com	CVE Assigner	updated
2022-12-02 00:23:35	2014-08-27T01:55Z	2014-08-27T01:55:05	CVE Published Date	updated
2022-12-02 00:23:35		2017-08-29T01:34:40	CVE Modified Date	updated
2022-12-02 00:23:35		Modified	Vulnerability Status	updated