// For flags

CVE-2013-0899

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

Desbordamiento de entero en la aplicación de relleno en la función opus_packet_parse_impl en src / opus_decoder.c en el Opus antes de v1.0.2, tal como se utiliza en Google Chrome antes v25.0.1364.97 en Windows y Linux, y antes v25.0.1364.99 en Mac OS X y otros productos, permite atacantes remotos provocar una denegación de servicio (leer fuera de límites) a través de un gran paquete.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-01-07 CVE Reserved
  • 2013-02-23 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opus-codec
Search vendor "Opus-codec"
Opus
Search vendor "Opus-codec" for product "Opus"
< 1.0.2
Search vendor "Opus-codec" for product "Opus" and version " < 1.0.2"
-
Affected
in Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
--
Safe
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 25.0.1364.97
Search vendor "Google" for product "Chrome" and version " < 25.0.1364.97"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 25.0.1364.97
Search vendor "Google" for product "Chrome" and version " < 25.0.1364.97"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 25.0.1364.99
Search vendor "Google" for product "Chrome" and version " < 25.0.1364.99"
-
Affected
in Apple
Search vendor "Apple"
Ipados
Search vendor "Apple" for product "Ipados"
--
Safe
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 25.0.1364.99
Search vendor "Google" for product "Chrome" and version " < 25.0.1364.99"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
--
Safe
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 25.0.1364.99
Search vendor "Google" for product "Chrome" and version " < 25.0.1364.99"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 25.0.1364.99
Search vendor "Google" for product "Chrome" and version " < 25.0.1364.99"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
12.1
Search vendor "Opensuse" for product "Opensuse" and version "12.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
12.2
Search vendor "Opensuse" for product "Opensuse" and version "12.2"
-
Affected