Description
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.
| Release | Status | Note |
|---|---|---|
| artful | released | 38.0.2125.111-0ubuntu1.1103 |
| bionic | released | 38.0.2125.111-0ubuntu1.1103 |
| cosmic | released | 38.0.2125.111-0ubuntu1.1103 |
| devel | released | 38.0.2125.111-0ubuntu1.1103 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [38.0.2125.111-0ubuntu0.14.04.1.1061]] |
| lucid | ignored | end of life |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
| trusty | released | 38.0.2125.111-0ubuntu0.14.04.1.1061 |
| trusty/esm | DNE | trusty was released [38.0.2125.111-0ubuntu0.14.04.1.1061] |
| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | ignored | libv8 not supported |
| esm-apps/bionic | ignored | libv8 not supported |
| esm-apps/xenial | ignored | libv8 not supported |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [libv8 not supported]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| Release | Status | Note |
|---|---|---|
| artful | released | 1.2.5-0ubuntu1 |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.2.5-0ubuntu0.14.04.1]] |
| esm-infra/xenial | released | 1.2.5-0ubuntu1 |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | released | 1.2.5-0ubuntu0.14.04.1 |
Source links
5 Medium
CVSS2
Related vulnerabilities
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.
Google V8, as used in Google Chrome before 38.0.2125.101, does not pro ...