Vulnerability Description
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 34.0.1847.115 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2905
- https://code.google.com/p/chromium/issues/detail?id=353004
- https://code.google.com/p/v8/source/detail?r=20020
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2905
- https://code.google.com/p/chromium/issues/detail?id=353004
- https://code.google.com/p/v8/source/detail?r=20020
FAQ
What is CVE-2014-1717?
CVE-2014-1717 is a vulnerability with a CVSS score of 7.5 (HIGH). Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds...
How severe is CVE-2014-1717?
CVE-2014-1717 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1717?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.