CVE-2013-6631Out-of-bounds Write in Google Chrome

4 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.7%
top 17.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedNov 19
Latest updateMay 17

Description

Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome31.0.1650.47+43

Patches

Patch: webrtc-codereview.appspot.comPatch: webrtc-codereview.appspot.com

🔴Vulnerability Details

1
GHSA
GHSA-46gc-3vrv-89f8: Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel2022-05-17

💬Community

2
Bugzilla
CVE-2013-6631 libjingle: use-after-free flaw [fedora-all]2013-11-18
Bugzilla
CVE-2013-6631 libjingle: use-after-free flaw2013-11-18