CVE-2014-1741
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
7.5
Description
Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"34.0.1847.136"} | | |
| chrome | 34.0.1847.0 | | |
| chrome | 34.0.1847.1 | | |
| chrome | 34.0.1847.2 | | |
| chrome | 34.0.1847.3 | | |
| chrome | 34.0.1847.4 | | |
| chrome | 34.0.1847.5 | | |
| chrome | 34.0.1847.6 | | |
| chrome | 34.0.1847.7 | | |
| chrome | 34.0.1847.8 | | |
| chrome | 34.0.1847.9 | | |
| chrome | 34.0.1847.10 | | |
| chrome | 34.0.1847.12 | | |
| chrome | 34.0.1847.14 | | |
| chrome | 34.0.1847.15 | | |
| chrome | 34.0.1847.23 | | |
| chrome | 34.0.1847.24 | | |
| chrome | 34.0.1847.25 | | |
| chrome | 34.0.1847.36 | | |
| chrome | 34.0.1847.37 | | |
| chrome | 34.0.1847.38 | | |
| chrome | 34.0.1847.39 | | |
| chrome | 34.0.1847.41 | | |
| chrome | 34.0.1847.42 | | |
| chrome | 34.0.1847.43 | | |
| chrome | 34.0.1847.44 | | |
| chrome | 34.0.1847.45 | | |
| chrome | 34.0.1847.46 | | |
| chrome | 34.0.1847.47 | | |
| chrome | 34.0.1847.48 | | |
| chrome | 34.0.1847.49 | | |
| chrome | 34.0.1847.50 | | |
| chrome | 34.0.1847.51 | | |
| chrome | 34.0.1847.52 | | |
| chrome | 34.0.1847.53 | | |
| chrome | 34.0.1847.54 | | |
| chrome | 34.0.1847.55 | | |
| chrome | 34.0.1847.56 | | |
| chrome | 34.0.1847.57 | | |
| chrome | 34.0.1847.58 | | |
| chrome | 34.0.1847.59 | | |
| chrome | 34.0.1847.60 | | |
| chrome | 34.0.1847.61 | | |
| chrome | 34.0.1847.62 | | |
| chrome | 34.0.1847.63 | | |
| chrome | 34.0.1847.64 | | |
| chrome | 34.0.1847.65 | | |
| chrome | 34.0.1847.66 | | |
| chrome | 34.0.1847.67 | | |
| chrome | 34.0.1847.68 | | |
| chrome | 34.0.1847.69 | | |
| chrome | 34.0.1847.71 | | |
| chrome | 34.0.1847.72 | | |
| chrome | 34.0.1847.73 | | |
| chrome | 34.0.1847.74 | | |
| chrome | 34.0.1847.75 | | |
| chrome | 34.0.1847.76 | | |
| chrome | 34.0.1847.77 | | |
| chrome | 34.0.1847.78 | | |
| chrome | 34.0.1847.79 | | |
| chrome | 34.0.1847.80 | | |
| chrome | 34.0.1847.81 | | |
| chrome | 34.0.1847.82 | | |
| chrome | 34.0.1847.83 | | |
| chrome | 34.0.1847.85 | | |
| chrome | 34.0.1847.86 | | |
| chrome | 34.0.1847.87 | | |
| chrome | 34.0.1847.91 | | |
| chrome | 34.0.1847.92 | | |
| chrome | 34.0.1847.94 | | |
| chrome | 34.0.1847.97 | | |
| chrome | 34.0.1847.98 | | |
| chrome | 34.0.1847.99 | | |
| chrome | 34.0.1847.100 | | |
| chrome | 34.0.1847.101 | | |
| chrome | 34.0.1847.102 | | |
| chrome | 34.0.1847.103 | | |
| chrome | 34.0.1847.104 | | |
| chrome | 34.0.1847.109 | | |
| chrome | 34.0.1847.111 | | |
| chrome | 34.0.1847.112 | | |
| chrome | 34.0.1847.113 | | |
| chrome | 34.0.1847.114 | | |
| chrome | 34.0.1847.115 | | |
| chrome | 34.0.1847.116 | | |
| chrome | 34.0.1847.118 | | |
| chrome | 34.0.1847.120 | | |
| chrome | 34.0.1847.130 | | |
| chrome | 34.0.1847.131 | | |
| chrome | 34.0.1847.132 | | |
| chrome | 34.0.1847.133 | | |
| chrome | 34.0.1847.134 | | |
| chrome | 34.0.1847.135 | |
References
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/59155
- http://secunia.com/advisories/60372
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2930
- http://www.securityfocus.com/bid/67376
- http://www.securitytracker.com/id/1030240
- https://code.google.com/p/chromium/issues/detail?id=349898
- https://src.chromium.org/viewvc/blink?revision=171165&view=revision
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/59155
- http://secunia.com/advisories/60372
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2930
- http://www.securityfocus.com/bid/67376
- http://www.securitytracker.com/id/1030240
- https://code.google.com/p/chromium/issues/detail?id=349898
- https://src.chromium.org/viewvc/blink?revision=171165&view=revision
CWEs
CWE-189
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.