Vulnerability Details : CVE-2016-1669
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-1669
Probability of exploitation activity in the next 30 days: 3.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~91%
CVSS scores for CVE-2016-1669
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2016-1669
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1669
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
  (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2960-1
  USN-2960-1: Oxide vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
  [security-announce] openSUSE-SU-2016:1655-1: important: Security update (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:0880
  RHSA-2017:0880 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
  [SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1080.html
  RHSA-2016:1080 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
  [SECURITY] Fedora 23 Update: v8-3.14.5.10-25.fc23 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
  openSUSE-SU-2016:1834-1: moderate: Security update for nodejs (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:0879
  RHSA-2017:0879 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.gentoo.org/glsa/201605-02
  Chromium: Multiple vulnerabilities (GLSA 201605-02) — Gentoo security (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
  [security-announce] openSUSE-SU-2016:1319-1: important: Security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
  [security-announce] openSUSE-SU-2016:1304-1: important: Security update (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:0336
  RHSA-2018:0336 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:0881
  RHSA-2017:0881 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.securitytracker.com/id/1035872
  Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Traverse the Directory, and Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- https://codereview.chromium.org/1945313002
  Issue 1945313002: Version 5.0.71.47 (cherry-pick) - Code Review (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3590
  Debian -- Security Information -- DSA-3590-1 chromium-browser (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0002.html
  RHSA-2017:0002 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://crbug.com/606115
  606115 - Security: Use After Free in RegExp of V8 - chromium - Monorail (Third Party Advisory)
- http://www.securityfocus.com/bid/90584
  Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:0882
  RHSA-2017:0882 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
Products affected by CVE-2016-1669
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*