← Back to CVEs
CVE-2015-6764
CRITICAL9.8
Description
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/6/2015
Last Modified4/12/2025
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxgoogle:chromenodejs:node.js
Weaknesses (CWE)
CWE-119
References
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html(chrome-cve-admin@google.com)
http://www.debian.org/security/2015/dsa-3415(chrome-cve-admin@google.com)
http://www.securityfocus.com/bid/78209(chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1034298(chrome-cve-admin@google.com)
https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc(chrome-cve-admin@google.com)
https://code.google.com/p/chromium/issues/detail?id=554946(chrome-cve-admin@google.com)
https://codereview.chromium.org/1440223002(chrome-cve-admin@google.com)
https://security.gentoo.org/glsa/201603-09(chrome-cve-admin@google.com)
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3415(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/78209(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034298(af854a3a-2127-422b-91ae-364da2661108)
https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc(af854a3a-2127-422b-91ae-364da2661108)
https://code.google.com/p/chromium/issues/detail?id=554946(af854a3a-2127-422b-91ae-364da2661108)
https://codereview.chromium.org/1440223002(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201603-09(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.