Описание
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 49.0.2623.108-0ubuntu1.1233 |
| bionic | released | 49.0.2623.108-0ubuntu1.1233 |
| cosmic | released | 49.0.2623.108-0ubuntu1.1233 |
| devel | released | 49.0.2623.108-0ubuntu1.1233 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [49.0.2623.108-0ubuntu0.14.04.1.1113]] |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
| trusty | released | 49.0.2623.108-0ubuntu0.14.04.1.1113 |
| trusty/esm | DNE | trusty was released [49.0.2623.108-0ubuntu0.14.04.1.1113] |
| upstream | released | 49.0.2623.108 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | ignored | libv8 not supported |
| esm-apps/bionic | ignored | libv8 not supported |
| esm-apps/xenial | ignored | libv8 not supported |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [libv8 not supported]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1.14.9-0ubuntu1 |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.14.7-0ubuntu0.14.04.1]] |
| esm-infra/xenial | released | 1.14.7-0ubuntu1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | released | 1.14.7-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.14.7-0ubuntu0.14.04.1] |
Показывать по
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
The Array.prototype.concat implementation in builtins.cc in Google V8, ...
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3