CVE-2016-1646 : The Array.prototype.concat implementation in builtins.cc in Google V8, as used i

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

Published 2016-03-29 10:59:00

Updated 2025-04-12 10:46:41

Source Chrome

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-1646

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Suse » Package Hub » Version: N/A
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
Matching versions
Google » Chrome
Versions before (<) 49.0.2623.108
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Matching versions

CVE-2016-1646 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Google Chromium V8 Out-of-Bounds Read Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not l

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2016-1646

Added on 2022-06-08 Action due date 2022-06-22

Exploit prediction scoring system (EPSS) score for CVE-2016-1646

EPSS FAQ

66.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1646

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-01-29
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2025-01-28
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-1646

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2016-1646

https://code.google.com/p/chromium/issues/detail?id=594574

594574 - Security: v8 Array.concat OOB access writeup - chromium - Monorail
Exploit;Issue Tracking;Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html

[security-announce] openSUSE-SU-2016:0930-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-0525.html

RHSA-2016:0525 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html

[security-announce] openSUSE-SU-2016:1059-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html

[security-announce] openSUSE-SU-2016:0929-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201605-02

Chromium: Multiple vulnerabilities (GLSA 201605-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html

Chrome Releases: Stable Channel Update
Release Notes;Vendor Advisory

CVEs referencing this url
https://codereview.chromium.org/1804963002/

Issue 1804963002: [builtins] Fix Array.prototype.concat bug - Code Review
Patch
http://www.ubuntu.com/usn/USN-2955-1

USN-2955-1: Oxide vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1035423

Google Chrome Multiple Flaws Lets Remote Users Execute Arbitrary Code - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3531

Debian -- Security Information -- DSA-3531-1 chromium-browser
Mailing List;Third Party Advisory

CVEs referencing this url