CVE-2016-1646
HIGH | CISA KEV | 8.8
Description
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE Details
CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 3/29/2016
Last Modified: 4/21/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Google
Product: Chromium V8
Vulnerability Name: Google Chromium V8 Out-of-Bounds Read Vulnerability
KEV Date Added: 2022-06-08
Remediation Due Date: 2022-06-22
Ransomware Use: Unknown
Affected Products
canonical:ubuntu_linux
debian:debian_linux
google:chrome
opensuse:leap
opensuse:opensuse
redhat:enterprise_linux_desktop
redhat:enterprise_linux_eus
redhat:enterprise_linux_server
redhat:enterprise_linux_workstation
suse:package_hub
Weaknesses (CWE)
CWE-125
References
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html (chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2016-0525.html (chrome-cve-admin@google.com)
http://www.debian.org/security/2016/dsa-3531 (chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1035423 (chrome-cve-admin@google.com)
http://www.ubuntu.com/usn/USN-2955-1 (chrome-cve-admin@google.com)
https://code.google.com/p/chromium/issues/detail?id=594574 (chrome-cve-admin@google.com)
https://codereview.chromium.org/1804963002/ (chrome-cve-admin@google.com)
https://security.gentoo.org/glsa/201605-02 (chrome-cve-admin@google.com)
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0525.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3531 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035423 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2955-1 (af854a3a-2127-422b-91ae-364da2661108)
https://code.google.com/p/chromium/issues/detail?id=594574 (af854a3a-2127-422b-91ae-364da2661108)
https://codereview.chromium.org/1804963002/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201605-02 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1646 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.