CVE-2016-5138

EPSS 1.07%
Veröffentlicht 01.08.2016 02:59:16
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 52.0.2743.82

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.757

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://security.gentoo.org/glsa/201610-09

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update-for-chrome-os_26.html

http://www.securityfocus.com/bid/92139

http://www.securitytracker.com/id/1036484

https://bugs.chromium.org/p/chromium/issues/detail?id=631752&desc=2

https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d65f7c158dabbb5b9e89723aceb30e874c2d748a

https://nvd.nist.gov/vuln/detail/CVE-2016-5138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5138

EUVD