CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

History

07 Nov 2023, 02:30

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/', 'name': 'FEDORA-2016-e720bc8451', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/', 'name': 'FEDORA-2016-6fd3131c03', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/ -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0882 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:0882 -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html -
References (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541 - Third Party Advisory () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541 -
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1080.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-1080.html -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0881 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:0881 -
References (DEBIAN) http://www.debian.org/security/2016/dsa-3590 - Third Party Advisory () http://www.debian.org/security/2016/dsa-3590 -
References (SECTRACK) http://www.securitytracker.com/id/1035872 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1035872 -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html -
References (BID) http://www.securityfocus.com/bid/90584 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/90584 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2018:0336 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2018:0336 -
References (GENTOO) https://security.gentoo.org/glsa/201605-02 - Third Party Advisory () https://security.gentoo.org/glsa/201605-02 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0880 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:0880 -
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0002.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2017-0002.html -
References (CONFIRM) http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0879 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:0879 -
References (UBUNTU) http://www.ubuntu.com/usn/USN-2960-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-2960-1 -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html -
References (CONFIRM) https://codereview.chromium.org/1945313002 - Third Party Advisory () https://codereview.chromium.org/1945313002 -
References (CONFIRM) https://crbug.com/606115 - Third Party Advisory () https://crbug.com/606115 -

19 Jan 2023, 16:26

Type Values Removed Values Added
CPE cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

16 Aug 2022, 13:18

Type Values Removed Values Added
References (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541 - (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0880 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:0880 - Third Party Advisory
References (CONFIRM) https://crbug.com/606115 - (CONFIRM) https://crbug.com/606115 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html - (SUSE) http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2018:0336 - (REDHAT) https://access.redhat.com/errata/RHSA-2018:0336 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/ - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0879 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:0879 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0881 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:0881 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html - Mailing List, Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1080.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1080.html - Third Party Advisory
References (CONFIRM) https://codereview.chromium.org/1945313002 - (CONFIRM) https://codereview.chromium.org/1945313002 - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0002.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0002.html - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/ - Mailing List, Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/201605-02 - (GENTOO) https://security.gentoo.org/glsa/201605-02 - Third Party Advisory
References (SECTRACK) http://www.securitytracker.com/id/1035872 - (SECTRACK) http://www.securitytracker.com/id/1035872 - Third Party Advisory, VDB Entry
References (UBUNTU) http://www.ubuntu.com/usn/USN-2960-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-2960-1 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:0882 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:0882 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/90584 - (BID) http://www.securityfocus.com/bid/90584 - Third Party Advisory, VDB Entry
CPE cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
First Time Nodejs
Canonical
Nodejs node.js
Canonical ubuntu Linux

Information

Published : 2016-05-14 21:59

Updated : 2023-12-10 11:46


NVD link : CVE-2016-1669

Mitre link : CVE-2016-1669

CVE.ORG link : CVE-2016-1669


JSON object : View

Products Affected

google

  • v8
  • chrome

opensuse

  • opensuse

nodejs

  • node.js

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer