CVE-2015-1216

2015-03-0900:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-1216

use-after-free

v8 bindings

blink

google chrome

denial of service

remote attackers

nvd

6.9 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.

CPENameOperatorVersion
google:chromegoogle chromele40.0.2214.115
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
redhat:enterprise_linux_desktop_supplementaryredhat enterprise linux desktop supplementaryeq6.0
redhat:enterprise_linux_server_supplementaryredhat enterprise linux server supplementaryeq6.0
redhat:enterprise_linux_workstation_supplementaryredhat enterprise linux workstation supplementaryeq6.0
redhat:enterprise_linux_server_supplementary_eusredhat enterprise linux server supplementary euseq6.6.z

CPE	Name	Operator	Version
google:chrome	google chrome	le	40.0.2214.115
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
redhat:enterprise_linux_desktop_supplementary	redhat enterprise linux desktop supplementary	eq	6.0
redhat:enterprise_linux_server_supplementary	redhat enterprise linux server supplementary	eq	6.0
redhat:enterprise_linux_workstation_supplementary	redhat enterprise linux workstation supplementary	eq	6.0
redhat:enterprise_linux_server_supplementary_eus	redhat enterprise linux server supplementary eus	eq	6.6.z