製品・ソフトウェアに関する情報

JVN脆弱性詳細

Windows 上で稼働する Google Chrome の sandbox/win/src/named_pipe_dispatcher.cc におけるディレクトリトラバーサルの脆弱性

タイトル	Windows 上で稼働する Google Chrome の sandbox/win/src/named_pipe_dispatcher.cc におけるディレクトリトラバーサルの脆弱性
概要	Windows 上で稼働する Google Chrome の sandbox/win/src/named_pipe_dispatcher.cc には、(1) .. (ドットドット) シーケンスのチェックの欠如、または (2) \\?\ 保護メカニズムの使用の欠如に関する処理に不備があるため、ディレクトリトラバーサルの脆弱性が存在します。
想定される影響	攻撃者により、サンドボックスの名前付きパイプポリシー制限を回避される可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2013年11月5日0:00
登録日	2014年2月25日17:24
最終更新日	2014年2月25日17:24

CVSS2.0 : 危険
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P

影響を受けるシステム

Google

Google Chrome 33.0.1750.117 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-6652	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6652
National Vulnerability Database (NVD)
2	CVE-2013-6652	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6652

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	名前	URL
Chromium
1	Revision 247511	https://src.chromium.org/viewvc/chrome?revision=247511&view=revision
Google
2	Google Chrome	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja
3	Stable Channel Update	http://googlechromereleases.blogspot.jp/2014/02/stable-channel-update_20.html

変更履歴

No	変更内容	変更日
0	[2014年02月25日] 掲載	2018年2月17日10:37

NVD脆弱性情報

CVE-2013-6652

概要	Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.
公表日	2014年2月24日13:48
登録日	2021年1月26日15:48
最終更新日	2024年11月21日10:59

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:google:chrome::::::::			33.0.1750.116
cpe:2.3:a:google:chrome:33.0.1750.0:::::::*
cpe:2.3:a:google:chrome:33.0.1750.1:::::::*
cpe:2.3:a:google:chrome:33.0.1750.2:::::::*
cpe:2.3:a:google:chrome:33.0.1750.3:::::::*
cpe:2.3:a:google:chrome:33.0.1750.4:::::::*
cpe:2.3:a:google:chrome:33.0.1750.5:::::::*
cpe:2.3:a:google:chrome:33.0.1750.6:::::::*
cpe:2.3:a:google:chrome:33.0.1750.7:::::::*
cpe:2.3:a:google:chrome:33.0.1750.8:::::::*
cpe:2.3:a:google:chrome:33.0.1750.9:::::::*
cpe:2.3:a:google:chrome:33.0.1750.10:::::::*
cpe:2.3:a:google:chrome:33.0.1750.11:::::::*
cpe:2.3:a:google:chrome:33.0.1750.12:::::::*
cpe:2.3:a:google:chrome:33.0.1750.13:::::::*
cpe:2.3:a:google:chrome:33.0.1750.14:::::::*
cpe:2.3:a:google:chrome:33.0.1750.15:::::::*
cpe:2.3:a:google:chrome:33.0.1750.16:::::::*
cpe:2.3:a:google:chrome:33.0.1750.18:::::::*
cpe:2.3:a:google:chrome:33.0.1750.19:::::::*
cpe:2.3:a:google:chrome:33.0.1750.20:::::::*
cpe:2.3:a:google:chrome:33.0.1750.21:::::::*
cpe:2.3:a:google:chrome:33.0.1750.22:::::::*
cpe:2.3:a:google:chrome:33.0.1750.23:::::::*
cpe:2.3:a:google:chrome:33.0.1750.24:::::::*
cpe:2.3:a:google:chrome:33.0.1750.25:::::::*
cpe:2.3:a:google:chrome:33.0.1750.26:::::::*
cpe:2.3:a:google:chrome:33.0.1750.27:::::::*
cpe:2.3:a:google:chrome:33.0.1750.28:::::::*
cpe:2.3:a:google:chrome:33.0.1750.29:::::::*
cpe:2.3:a:google:chrome:33.0.1750.30:::::::*
cpe:2.3:a:google:chrome:33.0.1750.31:::::::*
cpe:2.3:a:google:chrome:33.0.1750.34:::::::*
cpe:2.3:a:google:chrome:33.0.1750.35:::::::*
cpe:2.3:a:google:chrome:33.0.1750.36:::::::*
cpe:2.3:a:google:chrome:33.0.1750.37:::::::*
cpe:2.3:a:google:chrome:33.0.1750.38:::::::*
cpe:2.3:a:google:chrome:33.0.1750.39:::::::*
cpe:2.3:a:google:chrome:33.0.1750.40:::::::*
cpe:2.3:a:google:chrome:33.0.1750.41:::::::*
cpe:2.3:a:google:chrome:33.0.1750.42:::::::*
cpe:2.3:a:google:chrome:33.0.1750.43:::::::*
cpe:2.3:a:google:chrome:33.0.1750.44:::::::*
cpe:2.3:a:google:chrome:33.0.1750.45:::::::*
cpe:2.3:a:google:chrome:33.0.1750.46:::::::*
cpe:2.3:a:google:chrome:33.0.1750.47:::::::*
cpe:2.3:a:google:chrome:33.0.1750.48:::::::*
cpe:2.3:a:google:chrome:33.0.1750.49:::::::*
cpe:2.3:a:google:chrome:33.0.1750.50:::::::*
cpe:2.3:a:google:chrome:33.0.1750.51:::::::*
cpe:2.3:a:google:chrome:33.0.1750.52:::::::*
cpe:2.3:a:google:chrome:33.0.1750.53:::::::*
cpe:2.3:a:google:chrome:33.0.1750.54:::::::*
cpe:2.3:a:google:chrome:33.0.1750.55:::::::*
cpe:2.3:a:google:chrome:33.0.1750.56:::::::*
cpe:2.3:a:google:chrome:33.0.1750.57:::::::*
cpe:2.3:a:google:chrome:33.0.1750.58:::::::*
cpe:2.3:a:google:chrome:33.0.1750.59:::::::*
cpe:2.3:a:google:chrome:33.0.1750.60:::::::*
cpe:2.3:a:google:chrome:33.0.1750.61:::::::*
cpe:2.3:a:google:chrome:33.0.1750.62:::::::*
cpe:2.3:a:google:chrome:33.0.1750.63:::::::*
cpe:2.3:a:google:chrome:33.0.1750.64:::::::*
cpe:2.3:a:google:chrome:33.0.1750.65:::::::*
cpe:2.3:a:google:chrome:33.0.1750.66:::::::*
cpe:2.3:a:google:chrome:33.0.1750.67:::::::*
cpe:2.3:a:google:chrome:33.0.1750.68:::::::*
cpe:2.3:a:google:chrome:33.0.1750.69:::::::*
cpe:2.3:a:google:chrome:33.0.1750.70:::::::*
cpe:2.3:a:google:chrome:33.0.1750.71:::::::*
cpe:2.3:a:google:chrome:33.0.1750.73:::::::*
cpe:2.3:a:google:chrome:33.0.1750.74:::::::*
cpe:2.3:a:google:chrome:33.0.1750.75:::::::*
cpe:2.3:a:google:chrome:33.0.1750.76:::::::*
cpe:2.3:a:google:chrome:33.0.1750.77:::::::*
cpe:2.3:a:google:chrome:33.0.1750.79:::::::*
cpe:2.3:a:google:chrome:33.0.1750.80:::::::*
cpe:2.3:a:google:chrome:33.0.1750.81:::::::*
cpe:2.3:a:google:chrome:33.0.1750.82:::::::*
cpe:2.3:a:google:chrome:33.0.1750.83:::::::*
cpe:2.3:a:google:chrome:33.0.1750.85:::::::*
cpe:2.3:a:google:chrome:33.0.1750.88:::::::*
cpe:2.3:a:google:chrome:33.0.1750.89:::::::*
cpe:2.3:a:google:chrome:33.0.1750.90:::::::*
cpe:2.3:a:google:chrome:33.0.1750.91:::::::*
cpe:2.3:a:google:chrome:33.0.1750.92:::::::*
cpe:2.3:a:google:chrome:33.0.1750.93:::::::*
cpe:2.3:a:google:chrome:33.0.1750.104:::::::*
cpe:2.3:a:google:chrome:33.0.1750.106:::::::*
cpe:2.3:a:google:chrome:33.0.1750.107:::::::*
cpe:2.3:a:google:chrome:33.0.1750.108:::::::*
cpe:2.3:a:google:chrome:33.0.1750.109:::::::*
cpe:2.3:a:google:chrome:33.0.1750.110:::::::*
cpe:2.3:a:google:chrome:33.0.1750.111:::::::*
cpe:2.3:a:google:chrome:33.0.1750.112:::::::*
cpe:2.3:a:google:chrome:33.0.1750.113:::::::*
cpe:2.3:a:google:chrome:33.0.1750.115:::::::*
実行環境
1	cpe:2.3:o:microsoft:windows::::::::

構成1		以上	以下	より上	未満
cpe:2.3:a:google:chrome::::::::			33.0.1750.116
cpe:2.3:a:google:chrome:33.0.1750.0:::::::*
cpe:2.3:a:google:chrome:33.0.1750.1:::::::*
cpe:2.3:a:google:chrome:33.0.1750.2:::::::*
cpe:2.3:a:google:chrome:33.0.1750.3:::::::*
cpe:2.3:a:google:chrome:33.0.1750.4:::::::*
cpe:2.3:a:google:chrome:33.0.1750.5:::::::*
cpe:2.3:a:google:chrome:33.0.1750.6:::::::*
cpe:2.3:a:google:chrome:33.0.1750.7:::::::*
cpe:2.3:a:google:chrome:33.0.1750.8:::::::*
cpe:2.3:a:google:chrome:33.0.1750.9:::::::*
cpe:2.3:a:google:chrome:33.0.1750.10:::::::*
cpe:2.3:a:google:chrome:33.0.1750.11:::::::*
cpe:2.3:a:google:chrome:33.0.1750.12:::::::*
cpe:2.3:a:google:chrome:33.0.1750.13:::::::*
cpe:2.3:a:google:chrome:33.0.1750.14:::::::*
cpe:2.3:a:google:chrome:33.0.1750.15:::::::*
cpe:2.3:a:google:chrome:33.0.1750.16:::::::*
cpe:2.3:a:google:chrome:33.0.1750.18:::::::*
cpe:2.3:a:google:chrome:33.0.1750.19:::::::*
cpe:2.3:a:google:chrome:33.0.1750.20:::::::*
cpe:2.3:a:google:chrome:33.0.1750.21:::::::*
cpe:2.3:a:google:chrome:33.0.1750.22:::::::*
cpe:2.3:a:google:chrome:33.0.1750.23:::::::*
cpe:2.3:a:google:chrome:33.0.1750.24:::::::*
cpe:2.3:a:google:chrome:33.0.1750.25:::::::*
cpe:2.3:a:google:chrome:33.0.1750.26:::::::*
cpe:2.3:a:google:chrome:33.0.1750.27:::::::*
cpe:2.3:a:google:chrome:33.0.1750.28:::::::*
cpe:2.3:a:google:chrome:33.0.1750.29:::::::*
cpe:2.3:a:google:chrome:33.0.1750.30:::::::*
cpe:2.3:a:google:chrome:33.0.1750.31:::::::*
cpe:2.3:a:google:chrome:33.0.1750.34:::::::*
cpe:2.3:a:google:chrome:33.0.1750.35:::::::*
cpe:2.3:a:google:chrome:33.0.1750.36:::::::*
cpe:2.3:a:google:chrome:33.0.1750.37:::::::*
cpe:2.3:a:google:chrome:33.0.1750.38:::::::*
cpe:2.3:a:google:chrome:33.0.1750.39:::::::*
cpe:2.3:a:google:chrome:33.0.1750.40:::::::*
cpe:2.3:a:google:chrome:33.0.1750.41:::::::*
cpe:2.3:a:google:chrome:33.0.1750.42:::::::*
cpe:2.3:a:google:chrome:33.0.1750.43:::::::*
cpe:2.3:a:google:chrome:33.0.1750.44:::::::*
cpe:2.3:a:google:chrome:33.0.1750.45:::::::*
cpe:2.3:a:google:chrome:33.0.1750.46:::::::*
cpe:2.3:a:google:chrome:33.0.1750.47:::::::*
cpe:2.3:a:google:chrome:33.0.1750.48:::::::*
cpe:2.3:a:google:chrome:33.0.1750.49:::::::*
cpe:2.3:a:google:chrome:33.0.1750.50:::::::*
cpe:2.3:a:google:chrome:33.0.1750.51:::::::*
cpe:2.3:a:google:chrome:33.0.1750.52:::::::*
cpe:2.3:a:google:chrome:33.0.1750.53:::::::*
cpe:2.3:a:google:chrome:33.0.1750.54:::::::*
cpe:2.3:a:google:chrome:33.0.1750.55:::::::*
cpe:2.3:a:google:chrome:33.0.1750.56:::::::*
cpe:2.3:a:google:chrome:33.0.1750.57:::::::*
cpe:2.3:a:google:chrome:33.0.1750.58:::::::*
cpe:2.3:a:google:chrome:33.0.1750.59:::::::*
cpe:2.3:a:google:chrome:33.0.1750.60:::::::*
cpe:2.3:a:google:chrome:33.0.1750.61:::::::*
cpe:2.3:a:google:chrome:33.0.1750.62:::::::*
cpe:2.3:a:google:chrome:33.0.1750.63:::::::*
cpe:2.3:a:google:chrome:33.0.1750.64:::::::*
cpe:2.3:a:google:chrome:33.0.1750.65:::::::*
cpe:2.3:a:google:chrome:33.0.1750.66:::::::*
cpe:2.3:a:google:chrome:33.0.1750.67:::::::*
cpe:2.3:a:google:chrome:33.0.1750.68:::::::*
cpe:2.3:a:google:chrome:33.0.1750.69:::::::*
cpe:2.3:a:google:chrome:33.0.1750.70:::::::*
cpe:2.3:a:google:chrome:33.0.1750.71:::::::*
cpe:2.3:a:google:chrome:33.0.1750.73:::::::*
cpe:2.3:a:google:chrome:33.0.1750.74:::::::*
cpe:2.3:a:google:chrome:33.0.1750.75:::::::*
cpe:2.3:a:google:chrome:33.0.1750.76:::::::*
cpe:2.3:a:google:chrome:33.0.1750.77:::::::*
cpe:2.3:a:google:chrome:33.0.1750.79:::::::*
cpe:2.3:a:google:chrome:33.0.1750.80:::::::*
cpe:2.3:a:google:chrome:33.0.1750.81:::::::*
cpe:2.3:a:google:chrome:33.0.1750.82:::::::*
cpe:2.3:a:google:chrome:33.0.1750.83:::::::*
cpe:2.3:a:google:chrome:33.0.1750.85:::::::*
cpe:2.3:a:google:chrome:33.0.1750.88:::::::*
cpe:2.3:a:google:chrome:33.0.1750.89:::::::*
cpe:2.3:a:google:chrome:33.0.1750.90:::::::*
cpe:2.3:a:google:chrome:33.0.1750.91:::::::*
cpe:2.3:a:google:chrome:33.0.1750.92:::::::*
cpe:2.3:a:google:chrome:33.0.1750.93:::::::*
cpe:2.3:a:google:chrome:33.0.1750.104:::::::*
cpe:2.3:a:google:chrome:33.0.1750.106:::::::*
cpe:2.3:a:google:chrome:33.0.1750.107:::::::*
cpe:2.3:a:google:chrome:33.0.1750.108:::::::*
cpe:2.3:a:google:chrome:33.0.1750.109:::::::*
cpe:2.3:a:google:chrome:33.0.1750.110:::::::*
cpe:2.3:a:google:chrome:33.0.1750.111:::::::*
cpe:2.3:a:google:chrome:33.0.1750.112:::::::*
cpe:2.3:a:google:chrome:33.0.1750.113:::::::*
cpe:2.3:a:google:chrome:33.0.1750.115:::::::*
実行環境
1	cpe:2.3:o:microsoft:windows::::::::

No	URL	タグ
1	http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html	Vendor Advisory
2	http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html	Vendor Advisory
3	https://code.google.com/p/chromium/issues/detail?id=334897
4	https://code.google.com/p/chromium/issues/detail?id=334897
5	https://src.chromium.org/viewvc/chrome?revision=247511&view=revision	Patch
6	https://src.chromium.org/viewvc/chrome?revision=247511&view=revision	Patch