CVE-2016-1646 Information

Feb 14, 2021 cve

Description

The Array.prototype.concat implementation in builtins.cc in Google V8 as used in Google Chrome before 49.0.2623.108 does not properly consider element data types which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https://code.google.com/p/chromium/issues/detail?id=594574 https://codereview.chromium.org/1804963002/ https://security.gentoo.org/glsa/201605-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: