5
CVE-2014-3195
- EPSS 1.21%
- Veröffentlicht 08.10.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Desktop Supplementary Version6.0
Redhat ≫ Enterprise Linux Server Supplementary Version6.0
Redhat ≫ Enterprise Linux Server Supplementary Eus Version6.6.z
Redhat ≫ Enterprise Linux Workstation Supplementary Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.644 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
http://rhn.redhat.com/errata/RHSA-2014-1626.html
http://www.securityfocus.com/bid/70273
https://code.google.com/p/v8/source/detail?r=23144
https://code.google.com/p/v8/source/detail?r=23268
https://crbug.com/403409