CVE-2019-13734

Published: Dec 10, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected (31)

Products: Google: Chrome · Fedoraproject: Fedora · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation, Openshift Container Platform · +5 more

Show all products

1 product

1 product

8 products

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Openshift Container Platform

1 product

1 product

1 product

1 product

1 product

Communications Cloud Native Core Network Repository Function

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 79.0.3945.79

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration C

19 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.2
Redhat Enterprise Linux Eus	Version 8.4
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Aus	Version 8.2
Redhat Enterprise Linux Server Aus	Version 8.4
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 8.2
Redhat Enterprise Linux Server Tus	Version 8.4
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Openshift Container Platform	Version 3.11
Redhat Openshift Container Platform	Version 4.2

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Suse Package Hub	All versions

Running on/with	Platform Versions
Suse Linux Enterprise	Version 12.0

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports Sle	Version 15.0 sp1

Configuration G

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Network Repository Function	Version 1.14.0

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (38)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html

Source: chrome-cve-admin@google.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html

Source: chrome-cve-admin@google.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:4238

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0227

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0229

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0273

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0451

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0463

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0476

Source: chrome-cve-admin@google.com

Third Party Advisory

https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

Vendor Advisory

https://crbug.com/1025466

Source: chrome-cve-admin@google.com

Permissions RequiredVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/

Source: chrome-cve-admin@google.com

https://seclists.org/bugtraq/2020/Jan/27

Source: chrome-cve-admin@google.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202003-08

Source: chrome-cve-admin@google.com

Third Party Advisory

https://usn.ubuntu.com/4298-1/

Source: chrome-cve-admin@google.com

Third Party Advisory

https://usn.ubuntu.com/4298-2/

Source: chrome-cve-admin@google.com

Third Party Advisory

https://www.debian.org/security/2020/dsa-4606

Source: chrome-cve-admin@google.com

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: chrome-cve-admin@google.com

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:4238

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0227

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0229

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0273

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0451

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0463

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0476

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://crbug.com/1025466

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2020/Jan/27

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202003-08

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4298-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4298-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4606

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.