Input validation error in Google Chrome - CVE-2013-2853
Published: July 10, 2013 / Updated: August 11, 2020
Vulnerability identifier: #VU42728
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-2853
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Chrome
Google Chrome
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.
How to mitigate CVE-2013-2853
Install update from vendor's website.
Sources
- http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=44b400c80726ee5d205a27730a0c846be656a071
- http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f4f9f4948de5a59462e13ad712d7d9117238aeea
- http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
- http://www.debian.org/security/2013/dsa-2724
- https://code.google.com/p/chromium/issues/detail?id=244260
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033