[email protected]NVD:CVE-2016-1669

HistoryMay 14, 2016 - 9:59 p.m.

CVE-2016-1669

2016-05-1421:59:09

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

googlechromeRange≤50.0.2661.87

Node

opensuseopensuseMatch13.1

Node

googlev8Range≤5.0.71

Node

nodejsnode.jsRange0.10.0–0.10.46

nodejsnode.jsRange0.12.0–0.12.15

nodejsnode.jsRange4.0.0–4.1.2-

nodejsnode.jsRange4.2.0–4.4.6lts

nodejsnode.jsRange5.0.0–5.12.0-

nodejsnode.jsRange6.0.0–6.2.0-

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch15.10

canonicalubuntu_linuxMatch16.04esm

References

googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

lists.opensuse.org/opensuse-updates/2016-07/msg00063.html

rhn.redhat.com/errata/RHSA-2016-1080.html

rhn.redhat.com/errata/RHSA-2017-0002.html

www.debian.org/security/2016/dsa-3590

www.securityfocus.com/bid/90584

www.securitytracker.com/id/1035872

www.ubuntu.com/usn/USN-2960-1

access.redhat.com/errata/RHSA-2017:0879

access.redhat.com/errata/RHSA-2017:0880

access.redhat.com/errata/RHSA-2017:0881

access.redhat.com/errata/RHSA-2017:0882

access.redhat.com/errata/RHSA-2018:0336

codereview.chromium.org/1945313002

crbug.com/606115

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/

security.gentoo.org/glsa/201605-02

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for NVD:CVE-2016-1669

ibm7 nessus20 redhat7 f51 veracode1 cvelist1 cve1 debiancve1 fedora2 ubuntucve1 openvas13 prion1 mageia2 nodejsblog1 archlinux1 suse4 freebsd1 threatpost1 kaspersky1 chrome1 ubuntu1 apple2 gentoo1 osv1 debian2