VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 21, 2013· Updated Apr 29, 2026

CVE-2013-2900

CVE-2013-2900

Description

The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.

Affected products

52
  • Google/Chrome51 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 50 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=29.0.1547.56
    • cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.