Vulnerability Details : CVE-2015-6764
Potential exploit
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2015-6764
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6764
13.58%: probability of exploitation activity in the next 30 days
~ 94%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6764
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2015-6764
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6764
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
  [security-announce] openSUSE-SU-2015:2291-1: important: Security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
  [security-announce] openSUSE-SU-2015:2290-1: important: Security update (Mailing List; Third Party Advisory)
- http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc
  6df9a1db8c85ab63dee63879456b6027df53fabc - v8/v8 - Git at Google (Vendor Advisory)
- https://codereview.chromium.org/1440223002
  Issue 1440223002: [JSON stringifier] reintroduce fast path with bail out to slow path. - Code Review (Vendor Advisory)
- https://security.gentoo.org/glsa/201603-09
  Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
  openSUSE-SU-2016:0138-1: moderate: Security update for nodejs (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/78209
  Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1034298
  Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Spoof Content - SecurityTracker (Third Party Advisory; VDB Entry)
- https://code.google.com/p/chromium/issues/detail?id=554946
  554946 - Security: Pwn2Own mobile case, out-of-bound access in json stringifier - chromium - Monorail (Issue Tracking; Vendor Advisory)
- http://www.debian.org/security/2015/dsa-3415
  Debian -- Security Information -- DSA-3415-1 chromium-browser (Mailing List; Third Party Advisory)