CVE-2013-0900

Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html	Release Notes Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=152442	Exploit Issue Tracking Mailing List Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html	Broken Link Third Party Advisory
http://jvn.jp/en/jp/JVN70739377/index.html	Third Party Advisory VDB Entry
http://www.debian.org/security/2013/dsa-2786	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16404	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Information

Published : 2013-02-23 13:55

Updated : 2022-11-18 12:17

NVD link : CVE-2013-0900

Mitre link : CVE-2013-0900

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

Products Affected

microsoft

windows

debian

debian_linux

google

chrome

linux

linux_kernel

apple

mac_os_x

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://code.google.com/p/chromium/issues/detail?id=152442", "name": "https://code.google.com/p/chromium/issues/detail?id=152442", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html", "name": "openSUSE-SU-2013:0454", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://jvn.jp/en/jp/JVN70739377/index.html", "name": "JVN#70739377", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "JVN"}, {"url": "http://www.debian.org/security/2013/dsa-2786", "name": "DSA-2786", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16404", "name": "oval:org.mitre.oval:def:16404", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0900", "ASSIGNER": "security@google.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-02-23T21:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "25.0.1364.97"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "25.0.1364.99"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-18T20:17Z"}