CVE-2016-1677

Severity
6.5 MEDIUM
EPSS
12.6%
top 6.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 5
Latest update: May 14

Description

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (9 packages)

NVD: google/chrome 50.0.2661.102
NVD: google/v8 5.1.281
Ubuntu: oxide-qt < 1.15.7-0ubuntu0.14.04.1+1
Ubuntu: chromium-browser < 51.0.2704.79-0ubuntu0.14.04.1.1121+1
NVD: opensuse/leap 42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴 Vulnerability Details (4)

GHSA: GHSA-3hwq-9jq5-p7f9: uri (2022-05-14)
OSV: oxide-qt vulnerabilities (2016-06-06)
CVEList: CVE-2016-1677: uri (2016-06-05)
OSV: CVE-2016-1677: uri (2016-05-31)

📋 Vendor Advisories (2)

Ubuntu: Oxide vulnerabilities (2016-06-06)
Red Hat: chromium-browser: type confusion in v8 (2016-05-25)

💬 Community (1)

Bugzilla: CVE-2016-1677 chromium-browser: type confusion in v8 (2016-05-26)