CVE-2013-6668

Google Chrome <33.0.1750.146 V8 - Impact Unknown

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6668. PoCs published by sdneon.

AI-analyzed exploit summary This PoC demonstrates a DoS vulnerability in Node.js v0.10.31 (CVE-2013-6668) by repeatedly executing a SQL stored procedure via the 'tedious' module, causing Node.js to crash when more than 52 rows are returned. The issue is linked to a v8 backport patch and affects specific configurations of Node.js and MS SQL Server.

Description

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Exploits (1)

nomisec WORKING POC

by sdneon · poc

https://github.com/sdneon/CveTest

View Code ZIP pw:eip

This PoC demonstrates a DoS vulnerability in Node.js v0.10.31 (CVE-2013-6668) by repeatedly executing a SQL stored procedure via the 'tedious' module, causing Node.js to crash when more than 52 rows are returned. The issue is linked to a v8 backport patch and affects specific configurations of Node.js and MS SQL Server.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Node.js v0.10.31 with tedious module v1.4.3 or earlier

Auth required

Prerequisites: Windows 7 64-bit · MS SQL Server 2005 · Node.js v0.10.31 x64 · tedious module v1.4.3 or earlier · Access to a SQL database with a stored procedure returning >52 rows

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →