CVE-2014-3152

CWE-189CWE-190Integer Overflow10 documents8 sources
Severity
7.5HIGH
EPSS
3.2%
top 13.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeGoogle V8Fedoraproject Fedora
Timeline
PublishedMay 21
Latest updateMay 14

Description

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDgoogle/chrome35.0.1916.113+79
NVDgoogle/v83.25.28+28
Ubuntuoxide-qt< 1.0.4-0ubuntu0.14.04.1
Ubuntuchromium-browser< 36.0.1985.125-0ubuntu1.14.04.0~pkg1029

Also affects: Fedora 20, 21, 22

🔴Vulnerability Details

3
GHSA
GHSA-3x5j-mj7x-jgpm: Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm2022-05-14
CVEList
CVE-2014-3152: Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm2014-05-21
OSV
CVE-2014-3152: Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm2014-05-21

💥Exploits & PoCs

1
Exploit-DB
Oracle Forms and Reports 11.1 - Arbitrary Code Execution2014-01-29

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2014-07-23
Red Hat
v8: integer underflow fixed in Google Chrome 35.0.1916.1142014-03-31

💬Community

3
Bugzilla
CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.114 [epel-6]2014-05-26
Bugzilla
CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.1142014-05-26
Bugzilla
CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.114 [fedora-all]2014-05-26
CVE-2014-3152 (HIGH CVSS 7.5) | Integer underflow in the LCodeGen:: | cvebase.io