CVE-2015-1284

EPSS 1.22%
Published 23.07.2015 00:59:13
Last modified 12.04.2025 10:46:40
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 43.0.2357.134

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Redhat ≫ Enterprise Linux Desktop Supplementary Version6.0

Redhat ≫ Enterprise Linux Server Supplementary Version6.0

Redhat ≫ Enterprise Linux Server Supplementary Version6.7.z

Redhat ≫ Enterprise Linux Workstation Supplementary Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.22%	0.782

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2015/dsa-3315

http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html

http://rhn.redhat.com/errata/RHSA-2015-1499.html

http://www.securityfocus.com/bid/75973

http://www.securitytracker.com/id/1033031

https://security.gentoo.org/glsa/201603-09

https://code.google.com/p/chromium/issues/detail?id=493243

https://src.chromium.org/viewvc/blink?revision=197139&view=revision

https://nvd.nist.gov/vuln/detail/CVE-2015-1284

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1284

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1284

EUVD