CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

Published: May 14, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1669
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
debian / debian_linux	8.0	8.0.x
google / chrome	-	50.0.2661.87.x
opensuse / opensuse	13.1	13.1.x
google / v8	-	5.0.71.x
nodejs / node.js	4.0.0	4.1.2.x
nodejs / node.js	0.12.0	0.12.15
nodejs / node.js	0.10.0	0.10.46
nodejs / node.js	4.2.0	4.4.6
nodejs / node.js	6.0.0	6.2.0.x
nodejs / node.js	5.0.0	5.12.0
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	16.04	16.04.x

Vulnerability Database

289,599

CVE-2016-1669