Lucene search

ChromeCVE-2016-1660

HistoryMay 14, 2016 - 9:59 p.m.

CVE-2016-1660

2016-05-1421:59:00

CWE-20

Chrome

web.nvd.nist.gov

cwe-119

cve-2016-1660

information security

google chrome

blink

remote attack

denial of service

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON

Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.1

Node

redhatenterprise_linux_desktop_supplementaryMatch6.0

redhatenterprise_linux_server_supplementaryMatch6.0

redhatenterprise_linux_server_supplementary_eusMatch6.7z

redhatenterprise_linux_workstation_supplementaryMatch6.0

Node

googlechromeRange≤50.0.2661.87

VendorProductVersionCPE
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
redhatenterprise_linux_desktop_supplementary6.0cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_supplementary6.0cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_supplementary_eus6.7zcpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
redhatenterprise_linux_workstation_supplementary6.0cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
redhat	enterprise_linux_desktop_supplementary	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
redhat	enterprise_linux_server_supplementary	6.0	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
redhat	enterprise_linux_server_supplementary_eus	6.7z	cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:::::::*
redhat	enterprise_linux_workstation_supplementary	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*
google	chrome	*	cpe:2.3:a:google:chrome::::::::