CVE-2016-1646
KEV
🔴 Łataj teraz
Błąd w Array.prototype.concat w Google V8 pozwala na zdalne wywołanie błędu i odmowę usługi.
CVSS
8.8
EPSS
66.9%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
dos exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 66.9% |
| Opublikowano (NVD) | 2016-03-29 10:59:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 17:50:52 UTC |
Referencje
- http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html (chrome-cve-admin@google.com) [Release Notes, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html (chrome-cve-admin@google.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html (chrome-cve-admin@google.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html (chrome-cve-admin@google.com) [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-0525.html (chrome-cve-admin@google.com) [Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3531 (chrome-cve-admin@google.com) [Mailing List, Third Party Advisory]
- http://www.securitytracker.com/id/1035423 (chrome-cve-admin@google.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.ubuntu.com/usn/USN-2955-1 (chrome-cve-admin@google.com) [Third Party Advisory]
- https://code.google.com/p/chromium/issues/detail?id=594574 (chrome-cve-admin@google.com) [Exploit, Issue Tracking, Mailing List]
- https://codereview.chromium.org/1804963002/ (chrome-cve-admin@google.com) [Patch]
- https://security.gentoo.org/glsa/201605-02 (chrome-cve-admin@google.com) [Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1646 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]