
CVE-2016-1669

Published: 11 May 2016
Source: redhat
CVSS3: 5.6
CVSS2: 5.1
EPSS: Low

Description

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | v8 | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | v8 | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | v8 | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | nodejs010-nodejs | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | v8 | Will not fix | | |
| Red Hat OpenShift Enterprise 3 | nodejs | Not affected | | |
| Red Hat OpenShift Enterprise 3 | v8 | Not affected | | |
| Red Hat OpenStack Platform 11 (Ocata) | v8 | Not affected | | |
| Red Hat Software Collections | nodejs010-nodejs | Will not fix | | |
| Red Hat Software Collections | v8314-v8 | Will not fix | | |


Additional information

Status: Important
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1335449 V8: integer overflow leading to buffer overflow in Zone::New

EPSS

Percentile: 90%
0.06073
Low

CVSS3: 5.6 Medium

CVSS2: 5.1 Medium

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 9 years ago

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

CVSS3: 8.8
nvd
about 9 years ago

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

CVSS3: 8.8
debian
about 9 years ago

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as us ...

suse-cvrf
almost 9 years ago

Security update for nodejs

CVSS3: 8.8
github
about 3 years ago

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
