Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6627Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
6.9%
top 8.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Google Chrome
Timeline
PublishedNov 13
Latest updateMay 17

Description

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome31.0.1650.47+43

🔴Vulnerability Details

1
GHSA
GHSA-mhhh-874c-f34g: net/http/http_stream_parser2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read2016-12-19