Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1669


The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.


Published

2016-05-14T21:59:09.460

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System debian debian_linux 8.0 Yes
Application google chrome ≤ 50.0.2661.87 Yes
Operating System opensuse opensuse 13.1 Yes
Application google v8 ≤ 5.0.71 Yes
Application nodejs node.js < 0.10.46 Yes
Application nodejs node.js < 0.12.15 Yes
Application nodejs node.js ≤ 4.1.2 Yes
Application nodejs node.js < 4.4.6 Yes
Application nodejs node.js < 5.12.0 Yes
Application nodejs node.js ≤ 6.2.0 Yes
Operating System canonical ubuntu_linux 14.04 Yes
Operating System canonical ubuntu_linux 15.10 Yes
Operating System canonical ubuntu_linux 16.04 Yes

References