CVE-2016-1677

EPSS 10.06%
Published 05.06.2016 23:59:05
Last modified 12.04.2025 10:46:40
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

Affected products Warnungen 0 Metrics 3 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 50.0.2661.102

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.10

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Debian ≫ Debian Linux Version8.0

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.2

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Suse ≫ Linux Enterprise Version12.0

Google ≫ V8 Version <= 5.1.281

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.06%	0.928

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.debian.org/security/2016/dsa-3590

http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

http://www.securityfocus.com/bid/90876

http://www.securitytracker.com/id/1035981

https://access.redhat.com/errata/RHSA-2016:1190

https://security.gentoo.org/glsa/201607-07

http://www.ubuntu.com/usn/USN-2992-1

https://codereview.chromium.org/1936083002

https://crbug.com/602970

https://nvd.nist.gov/vuln/detail/CVE-2016-1677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1677

EUVD