v8 is vulnerable to denial of service. An integer-overflow flaw was found in V8’s Zone class when allocating new memory (Zone::New()
and Zone::NewExpand()
). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
rhn.redhat.com/errata/RHSA-2016-1080.html
rhn.redhat.com/errata/RHSA-2017-0002.html
www.debian.org/security/2016/dsa-3590
www.securityfocus.com/bid/90584
www.securitytracker.com/id/1035872
www.ubuntu.com/usn/USN-2960-1
access.redhat.com/errata/RHSA-2017:0002
access.redhat.com/errata/RHSA-2017:0879
access.redhat.com/errata/RHSA-2017:0880
access.redhat.com/errata/RHSA-2017:0881
access.redhat.com/errata/RHSA-2017:0882
access.redhat.com/errata/RHSA-2018:0336
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1388097
codereview.chromium.org/1945313002
crbug.com/606115
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
lists.fedoraproject.org/archives/list/[email protected]/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
lists.fedoraproject.org/archives/list/[email protected]/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
security.gentoo.org/glsa/201605-02