Vulnerability Details : CVE-2016-1669
Potential exploit
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-1669
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1669
5.56%: probability of exploitation activity in the next 30 days
~89%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1669
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-1669
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1669
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
-
http://www.ubuntu.com/usn/USN-2960-1
USN-2960-1: Oxide vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
[security-announce] openSUSE-SU-2016:1655-1: important: Security update
-
https://access.redhat.com/errata/RHSA-2017:0880
RHSA-2017:0880 - Security Advisory - Red Hat Customer Portal
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
[SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
[SECURITY] Fedora 23 Update: v8-3.14.5.10-25.fc23 - package-announce - Fedora Mailing-Lists
-
http://rhn.redhat.com/errata/RHSA-2016-1080.html
RHSA-2016:1080 - Security Advisory - Red Hat Customer Portal
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
[SECURITY] Fedora 23 Update: v8-3.14.5.10-25.fc23 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
-
http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
openSUSE-SU-2016:1834-1: moderate: Security update for nodejs
-
https://access.redhat.com/errata/RHSA-2017:0879
RHSA-2017:0879 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201605-02
Chromium: Multiple vulnerabilities (GLSA 201605-02) — Gentoo security
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
[SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24 - package-announce - Fedora Mailing-Lists
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
[security-announce] openSUSE-SU-2016:1319-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
[security-announce] openSUSE-SU-2016:1304-1: important: Security update
-
https://access.redhat.com/errata/RHSA-2018:0336
RHSA-2018:0336 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2017:0881
RHSA-2017:0881 - Security Advisory - Red Hat Customer Portal
-
http://www.securitytracker.com/id/1035872
Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Traverse the Directory, and Execute Arbitrary Code - SecurityTracker
-
https://codereview.chromium.org/1945313002
Issue 1945313002: Version 5.0.71.47 (cherry-pick) - Code Review
-
http://www.debian.org/security/2016/dsa-3590
Debian -- Security Information -- DSA-3590-1 chromium-browser
-
http://rhn.redhat.com/errata/RHSA-2017-0002.html
RHSA-2017:0002 - Security Advisory - Red Hat Customer Portal
-
https://crbug.com/606115
606115 - Security: Use After Free in RegExp of V8 - chromium - Monorail
-
http://www.securityfocus.com/bid/90584
Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
-
https://access.redhat.com/errata/RHSA-2017:0882
RHSA-2017:0882 - Security Advisory - Red Hat Customer Portal
-
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
Chrome Releases: Stable Channel Update