5
CVE-2014-3195
- EPSS 0.49%
- Published 08.10.2014 10:55:06
- Last modified 12.04.2025 10:46:40
- Source chrome-cve-admin@google.com
- Teams watchlist Login
- Open Login
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Desktop Supplementary Version6.0
Redhat ≫ Enterprise Linux Server Supplementary Version6.0
Redhat ≫ Enterprise Linux Server Supplementary Eus Version6.6.z
Redhat ≫ Enterprise Linux Workstation Supplementary Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.49% | 0.628 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|