CVE-2016-1688

CWE-119 — Buffer Overflow10 documents7 sources

Severity

6.5MEDIUM

EPSS

4.8%

top 10.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Google V8 Canonical Ubuntu Linux +7 more

Timeline

PublishedJun 5

Latest updateMay 14

Description

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶NVDgoogle/chrome50.0.2661.102

▶NVDgoogle/v85.0.71

▶Ubuntuoxide-qt< 1.15.7-0ubuntu0.14.04.1+1

▶Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1

▶NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴Vulnerability Details

GHSA

GHSA-792m-m544-p3wh: The regexp (aka regular expression) implementation in Google V8 before 5↗2022-05-14

▶

CVEList

CVE-2016-1688: The regexp (aka regular expression) implementation in Google V8 before 5↗2016-06-05

▶

OSV

CVE-2016-1688: The regexp (aka regular expression) implementation in Google V8 before 5↗2016-05-31

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-06-06

▶

Red Hat

chromium-browser: out-of-bounds read in v8↗2016-05-25

▶

💬Community

Bugzilla

CVE-2016-1688 chromium-browser: out-of-bounds read in v8↗2016-05-26

▶

Bugzilla

CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()↗2016-03-03

▶