CVE-2014-1725

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Input Validation Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2014-1716, CVE-2014-1717, CVE-2014-1718, CVE-2014-1719, CVE-2014-1720, CVE-2014-1721, CVE-2014-1722, CVE-2014-1723, CVE-2014-1724, CVE-2014-1726, CVE-2014-1727, CVE-2014-1728, CVE-2014-1729

Published on 09/04/14 - Updated on 07/01/17

Description

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2014-1725
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-164
Debian DSA-2905-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
googlechrome

Share this vulnerability with:

Twitter Facebook LinkedIn Mail