CVE-2016-1669

Summary

CVE	CVE-2016-1669
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-05-14 21:59:00 UTC
Updated	2023-11-07 02:30:00 UTC
Description	The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	15.10	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Application	Google	Chrome	All	All	All	All
Application	Google	V8	All	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All

References

Reference	Source	Link	Tags
USN-2960-1: Oxide vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
[security-announce] openSUSE-SU-2016:1319-1: important: Security update	SUSE	lists.opensuse.org
openSUSE-SU-2016:1834-1: moderate: Security update for nodejs	SUSE	lists.opensuse.org
Chrome Releases: Stable Channel Update		googlechromereleases.blogspot.com
Red Hat Customer Portal		access.redhat.com
Red Hat Customer Portal		rhn.redhat.com
HPE Support document - HPE Support Center	CONFIRM	h20566.www2.hpe.com
[security-announce] openSUSE-SU-2016:1655-1: important: Security update	SUSE	lists.opensuse.org	Third Party Advisory
Red Hat Customer Portal		access.redhat.com
Red Hat Customer Portal	REDHAT	access.redhat.com
Chromium: Multiple vulnerabilities (GLSA 201605-02) — Gentoo security	GENTOO	security.gentoo.org
Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities		www.securityfocus.com
Red Hat Customer Portal		access.redhat.com
[security-announce] openSUSE-SU-2016:1304-1: important: Security update	SUSE	lists.opensuse.org
Issue 1945313002: Version 5.0.71.47 (cherry-pick) - Code Review	CONFIRM	codereview.chromium.org
[SECURITY] Fedora 23 Update: v8-3.14.5.10-25.fc23 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Debian -- Security Information -- DSA-3590-1 chromium-browser		www.debian.org
Red Hat Customer Portal	REDHAT	access.redhat.com
606115 - chromium - An open-source project to help move the web forward. - Monorail		crbug.com
Red Hat Customer Portal		rhn.redhat.com
[SECURITY] Fedora 23 Update: v8-3.14.5.10-25.fc23 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Traverse the Directory, and Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
[SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.