CVE-2016-1612

EPSS 1.03%
Veröffentlicht 25.01.2016 11:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 47.0.2526.106

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.03%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	2.8	4.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201603-09

http://www.debian.org/security/2016/dsa-3456

http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html

http://rhn.redhat.com/errata/RHSA-2016-0072.html

http://www.securityfocus.com/bid/81431

http://www.securitytracker.com/id/1034801

http://www.ubuntu.com/usn/USN-2877-1

https://chromium.googlesource.com/v8/v8/+/cfbd16172fa165cc33ce0e2e72f74e5561168a61

https://code.google.com/p/chromium/issues/detail?id=497632

https://codereview.chromium.org/1531583005

https://nvd.nist.gov/vuln/detail/CVE-2016-1612

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1612

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1612

EUVD