Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-2904

EPSS 1.02% · P77
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-2904

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google Chrome ‘Document::finishedParsing’函数释放后重用漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。 Google Chrome 29.0.1547.57之前版本所使用的Blink浏览器引擎中的core/dom/Document.cpp文件中的‘Document::finishedParsing’函数中存在释放后重用漏洞。远程攻击者可借助修改IFRAME元素的装载事件使XML文档不在包含src属性,导致作为垃圾文档被收集,可利用该漏洞构建恶意网页,诱使用户解析,可使应用程序崩溃或执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-2904

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-2904

登录查看更多情报信息。

Same Patch Batch · n/a · 2013-08-21 · 21 CVEs total

CVE-2013-4700Yahoo! Japan Shopping for Android SSL证书验证信息泄露漏洞
CVE-2013-2905Google Chrome 信息泄露漏洞
CVE-2013-2903Google Chrome ‘HTMLMediaElement::didMoveToNewDocument’函数释放后重用漏洞
CVE-2013-2902Google Chrome XSLT ProcessingInstruction实现释放后重用漏洞
CVE-2013-2901Google Chrome ‘libGLESv2/renderer/Renderer11.cpp’多个整数溢出漏洞
CVE-2013-2900Google Chrome ‘FilePath::ReferencesParent’函数目录遍历漏洞
CVE-2013-2887Google Chrome 多个安全漏洞
CVE-2013-4230Drupal Monster Menus模块访问绕过漏洞
CVE-2013-4229Drupal Monster Menus模块跨站脚本漏洞
CVE-2013-4701JanRain PHP OpenID Library XML外部实体注入漏洞
CVE-2013-0597IBM WebSphere Application Server 跨站脚本漏洞
CVE-2013-4699Yahoo! Japan Yafuoku! for iOS和Android SSL证书验证信息泄露漏洞
CVE-2013-3016IBM WebSphere Portal 权限许可和访问控制漏洞
CVE-2013-0526IBM 1754 GCM系列多个命令注入漏洞
CVE-2013-4005IBM WebSphere Application Server Administrative控制台跨站脚本漏洞
CVE-2013-4004IBM WebSphere Application Server Administrative控制台跨站脚本漏洞
CVE-2013-3029IBM WebSphere Application Server Administrative控制台跨站请求伪造漏洞
CVE-2013-2976IBM WebSphere Application Server Administrative控制台信息泄露漏洞
CVE-2013-2967IBM WebSphere Application Server Administrative控制台跨站脚本漏洞
CVE-2013-2802Sixnet UDR和RTU通用协议实现安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-2904

No comments yet

Leave a comment