Vulnerability CVE-2016-1669: Information

Description

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1669

Published: May 15, 2016

Modified: Nov. 7, 2023

Error type identifier: CWE-119

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
chromium	sisyphus	54.0.2840.59-alt2	125.0.6422.112-alt1	ALT-PU-2016-2194-1	171432	Fixed
chromium	p10	54.0.2840.59-alt2	119.0.6045.159-alt0.p10.1	ALT-PU-2016-2194-1	171432	Fixed
chromium	p9	54.0.2840.59-alt2	97.0.4692.99-alt0.p9.1	ALT-PU-2016-2194-1	171432	Fixed
chromium	p8	54.0.2840.59-alt1.M80P.1	61.0.3163.100-alt0.M80P.1	ALT-PU-2016-2196-1	171450	Fixed
chromium	c10f1	54.0.2840.59-alt2	110.0.5481.177-alt1.p10.1	ALT-PU-2016-2194-1	171432	Fixed
chromium	c9f2	54.0.2840.59-alt2	84.0.4147.105-alt1.1.p9	ALT-PU-2016-2194-1	171432	Fixed
node	sisyphus	4.4.7-alt1	20.13.1-alt1	ALT-PU-2016-1755-1	167008	Fixed
node	p10	4.4.7-alt1	16.19.1-alt1	ALT-PU-2016-1755-1	167008	Fixed
node	p9	4.4.7-alt1	14.17.2-alt1	ALT-PU-2016-1755-1	167008	Fixed
node	p8	4.4.7-alt1	8.11.4-alt0.M80P.1	ALT-PU-2016-1757-1	167017	Fixed
node	c10f1	4.4.7-alt1	16.19.1-alt1	ALT-PU-2016-1755-1	167008	Fixed
node	c9f2	4.4.7-alt1	16.19.1-alt0.c9.1	ALT-PU-2016-1755-1	167008	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
90584
RHSA-2017:0880
1035872
RHSA-2016:1080
openSUSE-SU-2016:1304
RHSA-2017:0881
https://codereview.chromium.org/1945313002
RHSA-2018:0336
RHSA-2017:0882
openSUSE-SU-2016:1655
DSA-3590
USN-2960-1
FEDORA-2016-6fd3131c03
FEDORA-2016-e720bc8451
https://crbug.com/606115
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
RHSA-2017:0879
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
openSUSE-SU-2016:1834
RHSA-2017:0002
openSUSE-SU-2016:1319
GLSA-201605-02

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End including
  50.0.2661.87
  
  Configuration 3
  cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*
  End including
  5.0.71
  
  Configuration 5
  cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Start including
  4.0.0
  End including
  4.1.2
  cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
  Start including
  0.12.0
  End excliding
  0.12.15
  cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
  Start including
  0.10.0
  End excliding
  0.10.46
  cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
  Start including
  4.2.0
  End excliding
  4.4.6
  cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Start including
  6.0.0
  End including
  6.2.0
  cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Start including
  5.0.0
  End excliding
  5.12.0
  
  Configuration 6
  cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Version: v24.5.1

Vulnerability CVE-2016-1669: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6