← Retour aux CVEs
CVE-2016-1646
HIGHCISA KEV8.8
Description
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie3/29/2016
Derniere modification4/21/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurGoogle
ProduitChromium V8
Nom vulnerabiliteGoogle Chromium V8 Out-of-Bounds Read Vulnerability
Date ajout KEV2022-06-08
Date limite remediation2022-06-22
Utilise dans ransomwareUnknown
Produits affectes
canonical:ubuntu_linuxdebian:debian_linuxgoogle:chromeopensuse:leapopensuse:opensuseredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_workstationsuse:package_hub
Faiblesses (CWE)
CWE-125CWE-125
References
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html(chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2016-0525.html(chrome-cve-admin@google.com)
http://www.debian.org/security/2016/dsa-3531(chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1035423(chrome-cve-admin@google.com)
http://www.ubuntu.com/usn/USN-2955-1(chrome-cve-admin@google.com)
https://code.google.com/p/chromium/issues/detail?id=594574(chrome-cve-admin@google.com)
https://codereview.chromium.org/1804963002/(chrome-cve-admin@google.com)
https://security.gentoo.org/glsa/201605-02(chrome-cve-admin@google.com)
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0525.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3531(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035423(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2955-1(af854a3a-2127-422b-91ae-364da2661108)
https://code.google.com/p/chromium/issues/detail?id=594574(af854a3a-2127-422b-91ae-364da2661108)
https://codereview.chromium.org/1804963002/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201605-02(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1646(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.