NVD

Id
37168  
Name
CVE-2013-0899  
Description
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-18  
Published
2013-02-23  
Modified Date
2016-10-13  
Seq
2013-0899  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
190122 37168 CVE-2013-0899 http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html  View
190123 37168 CVE-2013-0899 openSUSE-SU-2013:0454  View
190124 37168 CVE-2013-0899 http://opus-codec.org/downloads/  View
190125 37168 CVE-2013-0899 oval:org.mitre.oval:def:16027  View
190126 37168 CVE-2013-0899 https://code.google.com/p/chromium/issues/detail?id=160480  View
190127 37168 CVE-2013-0899 https://codereview.chromium.org/11575026  View
190128 37168 CVE-2013-0899 https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/opus/src/opus_decoder.c?r1=173498&r2=173497&pathrev=173498  View
190129 37168 CVE-2013-0899 https://src.chromium.org/viewvc/chrome?view=rev&revision=173498  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
20089 JVNDB-2013-001664 Google Chrome で使用される Opus の src/opus_decoder.c における整数オーバーフローの脆弱性 Google Chrome で使用される Opus の src/opus_decoder.c 内の opus_packet_parse_impl 関数のパディングの実装には、整数オーバーフローの脆弱性が存在します。 CVE-2013-0899 60841 CVE-2013-0899 37168 5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001664.html 2013-02-21 2013-04-24 View