Vulnerabilities > CVE-2013-2632 - Unspecified vulnerability in Google Chrome and V8

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
google
nessus
NVD
Published: 2013-03-21
Updated: 2024-11-21

Summary

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.

Vulnerable Configurations

Part Description Count
Application
Google
2918

Nessus

NASL familyFedora Local Security Checks
NASL idFEDORA_2012-20578.NASL
descriptionNode.js is a platform built on Chrome
last seen2020-03-17
modified2013-04-07
plugin id65823
published2013-04-07
reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/65823
titleFedora 18 : libuv-0.10.3-1.fc18 / nodejs-0.10.2-1.fc18 / v8-3.14.5.8-1.fc18 (2012-20578)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-20578.
#

include("compat.inc");

if (description)
{
  script_id(65823);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-5153", "CVE-2013-0836", "CVE-2013-2632");
  script_bugtraq_id(57251, 58697);
  script_xref(name:"FEDORA", value:"2012-20578");

  script_name(english:"Fedora 18 : libuv-0.10.3-1.fc18 / nodejs-0.10.2-1.fc18 / v8-3.14.5.8-1.fc18 (2012-20578)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=896266"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=896272"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=924495"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101468.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?68b7726e"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101469.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e702e92e"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101470.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fe686902"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libuv, nodejs and / or v8 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libuv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:v8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC18", reference:"libuv-0.10.3-1.fc18")) flag++;
if (rpm_check(release:"FC18", reference:"nodejs-0.10.2-1.fc18")) flag++;
if (rpm_check(release:"FC18", reference:"v8-3.14.5.8-1.fc18")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libuv / nodejs / v8");
}

References