CVE-2016-1646
HIGH | CISA KEV | 8.8
Description
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 3/29/2016
Last modified: 4/21/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Google
Product: Chromium V8
Vulnerability name: Google Chromium V8 Out-of-Bounds Read Vulnerability
Date added to KEV: 2022-06-08
Remediation due date: 2022-06-22
Ransomware use: Unknown
Affected products
canonical:ubuntu_linux
debian:debian_linux
google:chrome
opensuse:leap
opensuse:opensuse
redhat:enterprise_linux_desktop
redhat:enterprise_linux_eus
redhat:enterprise_linux_server
redhat:enterprise_linux_workstation
suse:package_hub
Weaknesses (CWE)
CWE-125
References
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html (chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2016-0525.html (chrome-cve-admin@google.com)
http://www.debian.org/security/2016/dsa-3531 (chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1035423 (chrome-cve-admin@google.com)
http://www.ubuntu.com/usn/USN-2955-1 (chrome-cve-admin@google.com)
https://code.google.com/p/chromium/issues/detail?id=594574 (chrome-cve-admin@google.com)
https://codereview.chromium.org/1804963002/ (chrome-cve-admin@google.com)
https://security.gentoo.org/glsa/201605-02 (chrome-cve-admin@google.com)
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0525.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3531 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035423 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2955-1 (af854a3a-2127-422b-91ae-364da2661108)
https://code.google.com/p/chromium/issues/detail?id=594574 (af854a3a-2127-422b-91ae-364da2661108)
https://codereview.chromium.org/1804963002/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201605-02 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1646 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.