CVE-2016-1669

CWE-119Buffer OverflowCWE-190Integer Overflow13 documents9 sources
Severity
8.8HIGH
EPSS
1.6%
top 18.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Nodejs Node.jsGoogle ChromeGoogle V8+3 more
Timeline
PublishedMay 14
Latest updateMay 14

Description

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDgoogle/chrome50.0.2661.87
NVDgoogle/v85.0.71
NVDnodejs/node.js0.10.00.10.46+5
Debiannodejs< 4.4.6~dfsg-1+3

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴Vulnerability Details

3
GHSA
GHSA-7wg6-6952-3vfv: The Zone::New function in zone2022-05-14
CVEList
CVE-2016-1669: The Zone::New function in zone2016-05-14
OSV
CVE-2016-1669: The Zone::New function in zone2016-05-14

📋Vendor Advisories

4
Apple
CVE-2016-1669: Xcode 8.12016-10-27
Ubuntu
Oxide vulnerabilities2016-05-18
Red Hat
V8: integer overflow leading to buffer overflow in Zone::New2016-05-11
Debian
CVE-2016-1669: nodejs - The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Goog...2016

💬Community

5
Bugzilla
CVE-2016-1669 chromium-browser,v8,nodejs: buffer overflow in v8 [epel-all]2016-07-07
Bugzilla
CVE-2016-1669 v8: chromium-browser,v8,nodejs: buffer overflow in v8 [epel-all]2016-07-07
Bugzilla
CVE-2016-1669 chromium-browser,v8,nodejs: buffer overflow in v8 [fedora-all]2016-07-07
Bugzilla
CVE-2016-1669 v8: chromium-browser,v8,nodejs: buffer overflow in v8 [fedora-all]2016-07-07
Bugzilla
CVE-2016-1669 V8: integer overflow leading to buffer overflow in Zone::New2016-05-12