9.3

CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
GoogleChrome Version <= 50.0.2661.87
OpensuseOpensuse Version13.1
GoogleV8 Version <= 5.0.71
NodejsNode.Js Version >= 0.10.0 < 0.10.46
NodejsNode.Js Version >= 0.12.0 < 0.12.15
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.4.6
NodejsNode.Js SwEdition- Version >= 5.0.0 < 5.12.0
NodejsNode.Js SwEdition- Version >= 6.0.0 <= 6.2.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.23% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://access.redhat.com/errata/RHSA-2018:0336
https://security.gentoo.org/glsa/201605-02
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
http://www.ubuntu.com/usn/USN-2960-1
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
http://rhn.redhat.com/errata/RHSA-2016-1080.html
http://www.debian.org/security/2016/dsa-3590
http://www.securityfocus.com/bid/90584
http://www.securitytracker.com/id/1035872
http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
http://rhn.redhat.com/errata/RHSA-2017-0002.html
https://access.redhat.com/errata/RHSA-2017:0879
https://access.redhat.com/errata/RHSA-2017:0880
https://access.redhat.com/errata/RHSA-2017:0881
https://access.redhat.com/errata/RHSA-2017:0882
https://codereview.chromium.org/1945313002
https://crbug.com/606115
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/