Lucene search

[email protected]CVE-2016-1612

HistoryJan 25, 2016 - 11:59 a.m.

CVE-2016-1612

2016-01-2511:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2016-1612

google chrome

vulnerability

javascript

denial of service

nvd

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.072 Low

EPSS

Percentile

94.0%

JSON

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.

CPENameOperatorVersion
google:chromegoogle chromele47.0.2526.106

CPE	Name	Operator	Version
google:chrome	google chrome	le	47.0.2526.106

References

googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html

rhn.redhat.com/errata/RHSA-2016-0072.html

www.debian.org/security/2016/dsa-3456

www.securityfocus.com/bid/81431

www.securitytracker.com/id/1034801

www.ubuntu.com/usn/USN-2877-1

chromium.googlesource.com/v8/v8/+/cfbd16172fa165cc33ce0e2e72f74e5561168a61

code.google.com/p/chromium/issues/detail?id=497632

codereview.chromium.org/1531583005

security.gentoo.org/glsa/201603-09

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.072 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2016-1612

debiancve1 ubuntucve1 prion1 zdt1 nessus10 ubuntu1 openvas10 suse3 archlinux1 freebsd1 mageia1 chrome1 debian2 osv1 kaspersky1 redhat1 gentoo1