CVE-2016-1669
Published: 13 May 2016
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Notes
Author | Note |
---|---|
mikesalvatore | The Ubuntu Security Team does not support libv8 |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
artful |
Released
(50.0.2661.102-0ubuntu1.1242)
|
bionic |
Released
(50.0.2661.102-0ubuntu1.1242)
|
|
cosmic |
Released
(50.0.2661.102-0ubuntu1.1242)
|
|
precise |
Ignored
|
|
trusty |
Released
(50.0.2661.102-0ubuntu0.14.04.1.1117)
|
|
upstream |
Released
(50.0.2661.102)
|
|
wily |
Released
(50.0.2661.102-0ubuntu0.15.10.1.1227)
|
|
xenial |
Released
(50.0.2661.102-0ubuntu0.16.04.1.1237)
|
|
yakkety |
Released
(50.0.2661.102-0ubuntu1.1242)
|
|
zesty |
Released
(50.0.2661.102-0ubuntu1.1242)
|
|
libv8 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
libv8-3.14 Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Ignored
(libv8 not supported)
|
|
cosmic |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [libv8 not supported])
|
|
upstream |
Needed
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(libv8 not supported)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
artful |
Released
(1.14.9-0ubuntu1)
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Released
(1.14.9-0ubuntu0.14.04.1)
|
|
upstream |
Released
(1.14.9)
|
|
wily |
Released
(1.14.9-0ubuntu0.15.10.1)
|
|
xenial |
Released
(1.14.9-0ubuntu0.16.04.1)
|
|
yakkety |
Released
(1.14.9-0ubuntu1)
|
|
zesty |
Released
(1.14.9-0ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |