CVE-2013-6640: Buffer Overflow
First published: Sat Dec 07 2013(Updated: )
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | <=31.0.1650.62 | |
| Google Chrome (Trace Event) | =31.0.1650.0 | |
| Google Chrome (Trace Event) | =31.0.1650.2 | |
| Google Chrome (Trace Event) | =31.0.1650.3 | |
| Google Chrome (Trace Event) | =31.0.1650.4 | |
| Google Chrome (Trace Event) | =31.0.1650.5 | |
| Google Chrome (Trace Event) | =31.0.1650.6 | |
| Google Chrome (Trace Event) | =31.0.1650.7 | |
| Google Chrome (Trace Event) | =31.0.1650.8 | |
| Google Chrome (Trace Event) | =31.0.1650.9 | |
| Google Chrome (Trace Event) | =31.0.1650.10 | |
| Google Chrome (Trace Event) | =31.0.1650.11 | |
| Google Chrome (Trace Event) | =31.0.1650.12 | |
| Google Chrome (Trace Event) | =31.0.1650.13 | |
| Google Chrome (Trace Event) | =31.0.1650.14 | |
| Google Chrome (Trace Event) | =31.0.1650.15 | |
| Google Chrome (Trace Event) | =31.0.1650.16 | |
| Google Chrome (Trace Event) | =31.0.1650.17 | |
| Google Chrome (Trace Event) | =31.0.1650.18 | |
| Google Chrome (Trace Event) | =31.0.1650.19 | |
| Google Chrome (Trace Event) | =31.0.1650.20 | |
| Google Chrome (Trace Event) | =31.0.1650.22 | |
| Google Chrome (Trace Event) | =31.0.1650.23 | |
| Google Chrome (Trace Event) | =31.0.1650.25 | |
| Google Chrome (Trace Event) | =31.0.1650.26 | |
| Google Chrome (Trace Event) | =31.0.1650.27 | |
| Google Chrome (Trace Event) | =31.0.1650.28 | |
| Google Chrome (Trace Event) | =31.0.1650.29 | |
| Google Chrome (Trace Event) | =31.0.1650.30 | |
| Google Chrome (Trace Event) | =31.0.1650.31 | |
| Google Chrome (Trace Event) | =31.0.1650.32 | |
| Google Chrome (Trace Event) | =31.0.1650.33 | |
| Google Chrome (Trace Event) | =31.0.1650.34 | |
| Google Chrome (Trace Event) | =31.0.1650.35 | |
| Google Chrome (Trace Event) | =31.0.1650.36 | |
| Google Chrome (Trace Event) | =31.0.1650.37 | |
| Google Chrome (Trace Event) | =31.0.1650.38 | |
| Google Chrome (Trace Event) | =31.0.1650.39 | |
| Google Chrome (Trace Event) | =31.0.1650.41 | |
| Google Chrome (Trace Event) | =31.0.1650.42 | |
| Google Chrome (Trace Event) | =31.0.1650.43 | |
| Google Chrome (Trace Event) | =31.0.1650.44 | |
| Google Chrome (Trace Event) | =31.0.1650.45 | |
| Google Chrome (Trace Event) | =31.0.1650.46 | |
| Google Chrome (Trace Event) | =31.0.1650.47 | |
| Google Chrome (Trace Event) | =31.0.1650.48 | |
| Google Chrome (Trace Event) | =31.0.1650.49 | |
| Google Chrome (Trace Event) | =31.0.1650.50 | |
| Google Chrome (Trace Event) | =31.0.1650.51 | |
| Google Chrome (Trace Event) | =31.0.1650.52 | |
| Google Chrome (Trace Event) | =31.0.1650.53 | |
| Google Chrome (Trace Event) | =31.0.1650.54 | |
| Google Chrome (Trace Event) | =31.0.1650.55 | |
| Google Chrome (Trace Event) | =31.0.1650.57 | |
| Google Chrome (Trace Event) | =31.0.1650.58 | |
| Google Chrome (Trace Event) | =31.0.1650.59 | |
| Google Chrome (Trace Event) | =31.0.1650.60 | |
| Google Chrome (Trace Event) | =31.0.1650.61 | |
| Google V8 | <=3.22.24 | |
| Google V8 | =3.22.0 | |
| Google V8 | =3.22.1 | |
| Google V8 | =3.22.2 | |
| Google V8 | =3.22.3 | |
| Google V8 | =3.22.4 | |
| Google V8 | =3.22.5 | |
| Google V8 | =3.22.6 | |
| Google V8 | =3.22.7 | |
| Google V8 | =3.22.8 | |
| Google V8 | =3.22.9 | |
| Google V8 | =3.22.10 | |
| Google V8 | =3.22.11 | |
| Google V8 | =3.22.12 | |
| Google V8 | =3.22.13 | |
| Google V8 | =3.22.14 | |
| Google V8 | =3.22.15 | |
| Google V8 | =3.22.16 | |
| Google V8 | =3.22.17 | |
| Google V8 | =3.22.18 | |
| Google V8 | =3.22.19 | |
| Google V8 | =3.22.20 | |
| Google V8 | =3.22.21 | |
| Google V8 | =3.22.22 | |
| Google V8 | =3.22.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/v8/source/detail?r=17801
- http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00122.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00124.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00063.html
- http://secunia.com/advisories/56216
- http://secunia.com/advisories/56217
- http://www.debian.org/security/2013/dsa-2811
- http://www.securitytracker.com/id/1029442
- https://code.google.com/p/chromium/issues/detail?id=319860
Frequently Asked Questions
What is the severity of CVE-2013-6640?
CVE-2013-6640 is classified as a denial of service vulnerability that allows for out-of-bounds read leading to potential crashes.
How do I fix CVE-2013-6640?
To mitigate CVE-2013-6640, users should upgrade to Google Chrome version 31.0.1650.63 or later.
What versions of Google Chrome are affected by CVE-2013-6640?
CVE-2013-6640 affects Google Chrome versions before 31.0.1650.63.
How does CVE-2013-6640 exploit work?
CVE-2013-6640 exploits a flaw in the DehoistArrayIndex function via malicious JavaScript code that manipulates array elements.
Is CVE-2013-6640 still a threat today?
CVE-2013-6640 is less of a threat today if users have updated to supported versions of Google Chrome or V8.
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/31.0.1650.62
- version/google chrome (trace event)/31.0.1650.0
- version/google chrome (trace event)/31.0.1650.2
- version/google chrome (trace event)/31.0.1650.3
- version/google chrome (trace event)/31.0.1650.4
- version/google chrome (trace event)/31.0.1650.5
- version/google chrome (trace event)/31.0.1650.6
- version/google chrome (trace event)/31.0.1650.7
- version/google chrome (trace event)/31.0.1650.8
- version/google chrome (trace event)/31.0.1650.9
- version/google chrome (trace event)/31.0.1650.10
- version/google chrome (trace event)/31.0.1650.11
- version/google chrome (trace event)/31.0.1650.12
- version/google chrome (trace event)/31.0.1650.13
- version/google chrome (trace event)/31.0.1650.14
- version/google chrome (trace event)/31.0.1650.15
- version/google chrome (trace event)/31.0.1650.16
- version/google chrome (trace event)/31.0.1650.17
- version/google chrome (trace event)/31.0.1650.18
- version/google chrome (trace event)/31.0.1650.19
- version/google chrome (trace event)/31.0.1650.20
- version/google chrome (trace event)/31.0.1650.22
- version/google chrome (trace event)/31.0.1650.23
- version/google chrome (trace event)/31.0.1650.25
- version/google chrome (trace event)/31.0.1650.26
- version/google chrome (trace event)/31.0.1650.27
- version/google chrome (trace event)/31.0.1650.28
- version/google chrome (trace event)/31.0.1650.29
- version/google chrome (trace event)/31.0.1650.30
- version/google chrome (trace event)/31.0.1650.31
- version/google chrome (trace event)/31.0.1650.32
- version/google chrome (trace event)/31.0.1650.33
- version/google chrome (trace event)/31.0.1650.34
- version/google chrome (trace event)/31.0.1650.35
- version/google chrome (trace event)/31.0.1650.36
- version/google chrome (trace event)/31.0.1650.37
- version/google chrome (trace event)/31.0.1650.38
- version/google chrome (trace event)/31.0.1650.39
- version/google chrome (trace event)/31.0.1650.41
- version/google chrome (trace event)/31.0.1650.42
- version/google chrome (trace event)/31.0.1650.43
- version/google chrome (trace event)/31.0.1650.44
- version/google chrome (trace event)/31.0.1650.45
- version/google chrome (trace event)/31.0.1650.46
- version/google chrome (trace event)/31.0.1650.47
- version/google chrome (trace event)/31.0.1650.48
- version/google chrome (trace event)/31.0.1650.49
- version/google chrome (trace event)/31.0.1650.50
- version/google chrome (trace event)/31.0.1650.51
- version/google chrome (trace event)/31.0.1650.52
- version/google chrome (trace event)/31.0.1650.53
- version/google chrome (trace event)/31.0.1650.54
- version/google chrome (trace event)/31.0.1650.55
- version/google chrome (trace event)/31.0.1650.57
- version/google chrome (trace event)/31.0.1650.58
- version/google chrome (trace event)/31.0.1650.59
- version/google chrome (trace event)/31.0.1650.60
- version/google chrome (trace event)/31.0.1650.61
- canonical/google v8
- version/google v8/3.22.24
- version/google v8/3.22.0
- version/google v8/3.22.1
- version/google v8/3.22.2
- version/google v8/3.22.3
- version/google v8/3.22.4
- version/google v8/3.22.5
- version/google v8/3.22.6
- version/google v8/3.22.7
- version/google v8/3.22.8
- version/google v8/3.22.9
- version/google v8/3.22.10
- version/google v8/3.22.11
- version/google v8/3.22.12
- version/google v8/3.22.13
- version/google v8/3.22.14
- version/google v8/3.22.15
- version/google v8/3.22.16
- version/google v8/3.22.17
- version/google v8/3.22.18
- version/google v8/3.22.19
- version/google v8/3.22.20
- version/google v8/3.22.21
- version/google v8/3.22.22
- version/google v8/3.22.23