The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 15.10 | |
ubuntu_linux | eq | 14.04 | |
ubuntu_linux | eq | 16.04 | |
debian_linux | eq | 8.0 | |
chrome | le | 50.0.2661.87 | |
v8 | le | 5.0.71 | |
node.js | ge | 4.0.0 | |
node.js | le | 4.1.2 | |
node.js | ge | 0.12.0 | |
node.js | lt | 0.12.15 |
lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
rhn.redhat.com/errata/RHSA-2016-1080.html
rhn.redhat.com/errata/RHSA-2017-0002.html
www.debian.org/security/2016/dsa-3590
www.securityfocus.com/bid/90584
www.securitytracker.com/id/1035872
www.ubuntu.com/usn/USN-2960-1
access.redhat.com/errata/RHSA-2017:0879
access.redhat.com/errata/RHSA-2017:0880
access.redhat.com/errata/RHSA-2017:0881
access.redhat.com/errata/RHSA-2017:0882
access.redhat.com/errata/RHSA-2018:0336
codereview.chromium.org/1945313002
crbug.com/606115
googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
security.gentoo.org/glsa/201605-02