FKIE_CVE-2016-1669

Vulnerability from fkie_nvd - Published: 2016-05-14 21:59 - Updated: 2025-04-12 10:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
References
chrome-cve-admin@google.comhttp://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
chrome-cve-admin@google.comhttp://rhn.redhat.com/errata/RHSA-2016-1080.html
chrome-cve-admin@google.comhttp://rhn.redhat.com/errata/RHSA-2017-0002.html
chrome-cve-admin@google.comhttp://www.debian.org/security/2016/dsa-3590
chrome-cve-admin@google.comhttp://www.securityfocus.com/bid/90584
chrome-cve-admin@google.comhttp://www.securitytracker.com/id/1035872
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-2960-1
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2017:0879
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2017:0880
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2017:0881
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2017:0882
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2018:0336
chrome-cve-admin@google.comhttps://codereview.chromium.org/1945313002
chrome-cve-admin@google.comhttps://crbug.com/606115
chrome-cve-admin@google.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
chrome-cve-admin@google.comhttps://security.gentoo.org/glsa/201605-02
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-1080.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2017-0002.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3590
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/90584
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035872
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2960-1
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0879
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0880
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0881
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0882
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0336
af854a3a-2127-422b-91ae-364da2661108https://codereview.chromium.org/1945313002
af854a3a-2127-422b-91ae-364da2661108https://crbug.com/606115
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201605-02
Impacted products
Vendor Product Version
debian debian_linux 8.0
google chrome *
opensuse opensuse 13.1
google v8 *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 16.04
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "564CADC6-8AB4-4FE0-8E0A-245E87712035",
              "versionEndIncluding": "50.0.2661.87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6F8A68-B4C0-4DB4-945F-4041F731FDE1",
              "versionEndIncluding": "5.0.71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D770B4-E1AB-40F6-A9FC-88E0FE860C81",
              "versionEndExcluding": "0.10.46",
              "versionStartIncluding": "0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D7908B-0B23-4CC4-9585-0120DF187A47",
              "versionEndExcluding": "0.12.15",
              "versionStartIncluding": "0.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
              "versionEndIncluding": "4.1.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "9731B34D-C6F6-4129-BFEB-6C5C171F4CC0",
              "versionEndExcluding": "4.4.6",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "30165C60-84D5-49FC-84C9-5CE9CF0DC43D",
              "versionEndExcluding": "5.12.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "9ED36E22-DA95-4913-AB4E-4FB696031FFA",
              "versionEndIncluding": "6.2.0",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Zone::New en zone.cc en Google V8 en versiones anteriores a 5.0.71.47, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.102, no determina correctamente cu\u00e1ndo expandir ciertas asignaciones de memoria, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript manipulado."
    }
  ],
  "id": "CVE-2016-1669",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-14T21:59:09.460",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.debian.org/security/2016/dsa-3590"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securityfocus.com/bid/90584"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securitytracker.com/id/1035872"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.ubuntu.com/usn/USN-2960-1"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:0879"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:0880"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:0881"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:0882"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:0336"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://codereview.chromium.org/1945313002"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://crbug.com/606115"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://security.gentoo.org/glsa/201605-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/90584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2960-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:0879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:0880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:0881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:0882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:0336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://codereview.chromium.org/1945313002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://crbug.com/606115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201605-02"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.