FKIE_CVE-2013-2900
Vulnerability from fkie_nvd - Published: 2013-08-21 12:17 - Updated: 2025-04-11 00:51
Severity ?
Summary
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| chrome | * | ||
| chrome | 29.0.1547.0 | ||
| chrome | 29.0.1547.1 | ||
| chrome | 29.0.1547.2 | ||
| chrome | 29.0.1547.3 | ||
| chrome | 29.0.1547.4 | ||
| chrome | 29.0.1547.5 | ||
| chrome | 29.0.1547.7 | ||
| chrome | 29.0.1547.8 | ||
| chrome | 29.0.1547.9 | ||
| chrome | 29.0.1547.10 | ||
| chrome | 29.0.1547.11 | ||
| chrome | 29.0.1547.12 | ||
| chrome | 29.0.1547.13 | ||
| chrome | 29.0.1547.14 | ||
| chrome | 29.0.1547.15 | ||
| chrome | 29.0.1547.16 | ||
| chrome | 29.0.1547.17 | ||
| chrome | 29.0.1547.18 | ||
| chrome | 29.0.1547.19 | ||
| chrome | 29.0.1547.20 | ||
| chrome | 29.0.1547.21 | ||
| chrome | 29.0.1547.22 | ||
| chrome | 29.0.1547.23 | ||
| chrome | 29.0.1547.27 | ||
| chrome | 29.0.1547.28 | ||
| chrome | 29.0.1547.29 | ||
| chrome | 29.0.1547.30 | ||
| chrome | 29.0.1547.31 | ||
| chrome | 29.0.1547.32 | ||
| chrome | 29.0.1547.33 | ||
| chrome | 29.0.1547.34 | ||
| chrome | 29.0.1547.35 | ||
| chrome | 29.0.1547.36 | ||
| chrome | 29.0.1547.37 | ||
| chrome | 29.0.1547.38 | ||
| chrome | 29.0.1547.39 | ||
| chrome | 29.0.1547.40 | ||
| chrome | 29.0.1547.41 | ||
| chrome | 29.0.1547.42 | ||
| chrome | 29.0.1547.45 | ||
| chrome | 29.0.1547.46 | ||
| chrome | 29.0.1547.47 | ||
| chrome | 29.0.1547.48 | ||
| chrome | 29.0.1547.49 | ||
| chrome | 29.0.1547.50 | ||
| chrome | 29.0.1547.51 | ||
| chrome | 29.0.1547.52 | ||
| chrome | 29.0.1547.53 | ||
| chrome | 29.0.1547.54 | ||
| chrome | 29.0.1547.55 | ||
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F7E1EE-34F6-4ACD-8CB2-8E1E2C697167",
"versionEndIncluding": "29.0.1547.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A205F4A9-C759-4EDE-A220-4E8254FDF710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2691B40B-0780-4273-89A2-D4A27C9F6DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5E5187-F8DC-4ABC-8553-708863184E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29895241-7320-4A63-9F5D-63DCDB746FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*",
"matchCriteriaId": "29FC1D63-65E6-4A74-9A35-DF163695B02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4086C4-32FF-47B9-8028-976961465485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96815460-04C1-4149-8816-7752E179982E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CFBCA972-CA9A-45BF-BE23-783EAA57B77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B57105-A7FD-4C2D-AFA8-852372E18588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA34F38-99D6-475E-8E2B-FB5A8476B64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C97CA451-8E54-4E8E-A016-F0B35898AC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C4994EC6-189A-469C-93B5-A937C00417DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD3ACF2-C0FE-48DF-818B-85145B0FC1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9636B493-5817-4FB6-9DC5-B90B00352633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDF5FF9-232E-4639-A9B7-3EED34473189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0520DA-59C7-439B-B844-3E4205D5F183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6E124A90-EB96-453E-A144-31B7D0837CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC39D00-0AB3-428D-9ABC-68AD05F25C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*",
"matchCriteriaId": "740A8019-FBED-4CBE-9429-8B704F6AE1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E20C7EE2-A0F6-41A0-B253-24C44C2B4504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6969D860-2DD9-41C6-832C-9DD9E6ADB641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*",
"matchCriteriaId": "23E7D241-B1EC-4C71-8040-21034EB307E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCE5807-2AC0-4EAC-8254-0DE691BE1D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAC107C-35DD-44A4-A2DC-ACB038DE0A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6BE2CA-8D36-4D22-B647-CEB71882BDB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6C1355-357C-496A-AD0A-07147AAB1F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*",
"matchCriteriaId": "E715A992-AD6C-4108-B72D-2CD8079130D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*",
"matchCriteriaId": "378821F6-51E8-46F6-99DA-088AE15CCA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0F65387F-8F24-4F56-AE72-BE3C275738D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*",
"matchCriteriaId": "C43A8070-20EF-47AE-AE18-29F84E6DE46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA0F16-3056-4CF8-AFC9-63646C616834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4F7F75-26DF-4A4E-BB56-2C1518B444A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6C623D17-6FA1-4BF4-B97B-C28C1A4FA94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*",
"matchCriteriaId": "C278FCD7-B7D0-423D-ACA8-81E748D68E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DB4A78-442D-4C4D-81FE-8839BA1B32F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB94975-2E46-4B37-914F-97EB52E53ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*",
"matchCriteriaId": "B76A5684-CCE8-4596-95BA-6E885A55F7E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*",
"matchCriteriaId": "775E231C-BFE6-4590-9D51-796CA54FF4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*",
"matchCriteriaId": "C091A681-60FB-470F-8D86-E0EEC23B0266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*",
"matchCriteriaId": "C41C427C-CDB7-4E9B-B46A-DED3DCCA16E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*",
"matchCriteriaId": "911006E1-8631-4ADB-BD1D-6574EAEC36A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*",
"matchCriteriaId": "258CE5FE-41C4-4738-A39F-E1885E070D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*",
"matchCriteriaId": "4134B5DA-59A5-4BE5-8613-F9CC4776A0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD852DE-41AE-4C9F-898C-79C0B81B2B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*",
"matchCriteriaId": "6975C72C-3499-4DBA-A1D3-56C67077AA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB37BA-E21E-4DD7-AC2C-17D1951AA6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BAB482-CACD-465D-A007-5377C6FCE784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3581AF-6A19-42AD-ACA5-C1B8E922BE32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*",
"matchCriteriaId": "8D85AA6D-A0B9-42F1-8F12-686256276F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*",
"matchCriteriaId": "466AC650-FE2F-427A-AB9B-3E18F5563CE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name."
},
{
"lang": "es",
"value": "La funcion FilePath::ReferencesParent en files/file_path.cc en Google Chrome anterior a v29.0.1547.57 en Windows no maneja adecuadamente las rutas de los componentes compuestos en su totalidad de. (punto) y espacios en blanco, lo que permite a atacantes remotos realizar ataques transversales de directorio a trav\u00e9s de un nombre de directorio manipulado."
}
],
"id": "CVE-2013-2900",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-21T12:17:56.730",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://crbug.com/181617"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2013/dsa-2741"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://src.chromium.org/viewvc/chrome?revision=200603\u0026view=revision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://crbug.com/181617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://src.chromium.org/viewvc/chrome?revision=200603\u0026view=revision"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…