CVE-2016-2844

EPSS 1.99%
Veröffentlicht 06.03.2016 02:59:14
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 48.0.2564.116

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.99%	0.829

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

http://www.securitytracker.com/id/1035185

http://www.ubuntu.com/usn/USN-2920-1

https://code.google.com/p/chromium/issues/detail?id=591402

http://www.securityfocus.com/bid/84170

https://bugs.chromium.org/p/chromium/issues/detail?id=546849

https://codereview.chromium.org/1423573002

https://nvd.nist.gov/vuln/detail/CVE-2016-2844

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2844

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2844

EUVD