CVE-2013-6641

Published: Jan 16, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.

Affected (4)

Products: Google: Chrome · Opensuse: Opensuse

1 product

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 32.0.1700.77

Running on/with	Platform Versions
Apple Mac Os X	All versions
Linux Linux Kernel	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 32.0.1700.76

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Source: cve@mitre.org

Broken LinkMailing ListThird Party Advisory

http://www.debian.org/security/2014/dsa-2862

Source: cve@mitre.org

Third Party Advisory

https://chromium.googlesource.com/chromium/blink.git/+/1dfd387bd88cc0ebaef3a2302e72ac1c6101b91b

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://code.google.com/p/chromium/issues/detail?id=326854

Source: cve@mitre.org

ExploitIssue TrackingMailing ListVendor Advisory

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkMailing ListThird Party Advisory

http://www.debian.org/security/2014/dsa-2862

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://chromium.googlesource.com/chromium/blink.git/+/1dfd387bd88cc0ebaef3a2302e72ac1c6101b91b

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://code.google.com/p/chromium/issues/detail?id=326854

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingMailing ListVendor Advisory

Timeline

No history available yet.