CVE-2016-5200 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents7 sources

Severity

8.8HIGHNVD

EPSS

2.7%

top 14.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt Google Chrome

Timeline

PublishedJan 19

Latest updateMay 14

Description

V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/chrome54.0.2840.87

▶PyPIsaltstack/salt2016.3.0 — 2016.3.5+2

🔴Vulnerability Details

GHSA

GHSA-hjwp-q5hc-9xxq: V8 in Google Chrome prior to 54↗2022-05-14

▶

GHSA

SaltStack Salt arbitrary command execution in Salt-api via ssh_client↗2022-05-13

▶

OSV

oxide-qt vulnerabilities↗2016-12-01

▶

OSV

CVE-2016-5200: V8 in Google Chrome prior to 54↗2016-11-11

▶

📋Vendor Advisories

Red Hat

salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client↗2017-01-20

▶

Ubuntu

Oxide vulnerabilities↗2016-12-01

▶

Red Hat

chromium-browser: out of bounds memory access in v8↗2016-11-09

▶

💬Community

Bugzilla

CVE-2017-5200 salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client↗2017-02-01

▶

Bugzilla

CVE-2016-5200 chromium-browser: out of bounds memory access in v8↗2016-11-10

▶

Bugzilla

CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 chromium: various flaws [fedora-all]↗2016-11-10

▶