Lucene search

[email protected]CVE-2016-5127

HistoryJul 23, 2016 - 7:59 p.m.

CVE-2016-5127

2016-07-2319:59:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2016-5127

webkit

blink

google chrome

use-after-free

vulnerability

denial of service

javascript

css

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.

CPENameOperatorVersion
google:chromegoogle chromele51.0.2704.106

CPE	Name	Operator	Version
google:chrome	google chrome	le	51.0.2704.106

References

googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

rhn.redhat.com/errata/RHSA-2016-1485.html

www.debian.org/security/2016/dsa-3637

www.securityfocus.com/bid/92053

www.securitytracker.com/id/1036428

www.ubuntu.com/usn/USN-3041-1

codereview.chromium.org/2082893005/

codereview.chromium.org/2091633002

crbug.com/618237

security.gentoo.org/glsa/201610-09

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2016-5127

ubuntucve1 prion1 redhatcve1 debiancve1 nessus11 ubuntu1 openvas10 redhat1 threatpost1 archlinux1 freebsd1 suse4 chrome1 mageia1 kaspersky1 osv1 debian2 gentoo1