PT-2013-2695 · Google+1 · Google Chrome+1

Publicado

2013-02-21

Atualizado

2024-06-15

CVE-2013-0899

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Opus versions prior to 1.0.2 Google Chrome versions prior to 25.0.1364.97 on Windows and Linux Google Chrome versions prior to 25.0.1364.99 on Mac OS X

Description The issue is related to an integer overflow in the padding implementation in the opus packet parse impl function. This allows remote attackers to cause a denial of service through an out-of-bounds read by sending a long packet.

Recommendations For Opus versions prior to 1.0.2, update to version 1.0.2 or later. For Google Chrome versions prior to 25.0.1364.97 on Windows and Linux, update to version 25.0.1364.97 or later. For Google Chrome versions prior to 25.0.1364.99 on Mac OS X, update to version 25.0.1364.99 or later.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CVE-2013-0899

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

Produtos afetados

Google Chrome

Opus

PT-2013-2695 · Google+1 · Google Chrome+1

CVE-2013-0899

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2348