CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

163ca274230fce536afe76c64676c332693ad7c1

Fixed

5f6827d244c15f9e13f13f14fadf16f988a2434b

Introduced

2b18916ff054309a07408719b62e2b6a4f1e056a

Fixed

2bd9dabf798fb7e00f6bbdfa0f68e6da211d22cb

Introduced

384e6c2dfe968002800bc3d3224a57aa19ffdfee

Fixed

325e1194ce111d43b31dfdf2e2944a73411276d9

Introduced

6dc12b1042d5d4727f77e8a1c5758dab91400069

Fixed

a4d9beb28a9b2884ba5c2e1bccd461ac4c179901

Affected versions

v0.*

v0.10.0

v0.10.1

v0.10.10

v0.10.11

v0.10.12

v0.10.13

v0.10.14

v0.10.15

v0.10.16

v0.10.17

v0.10.18

v0.10.19

v0.10.2

v0.10.20

v0.10.21

v0.10.22

v0.10.23

v0.10.24

v0.10.25

v0.10.26

v0.10.27

v0.10.28

v0.10.29

v0.10.3

v0.10.30

v0.10.31

v0.10.32

v0.10.33

v0.10.34

v0.10.35

v0.10.36

v0.10.37

v0.10.38

v0.10.39

v0.10.4

v0.10.40

v0.10.41

v0.10.42

v0.10.43

v0.10.44

v0.10.45

v0.10.5

v0.10.6

v0.10.7

v0.10.8

v0.10.9

v0.11.0

v0.11.1

v0.11.10

v0.11.11

v0.11.12

v0.11.13

v0.11.15

v0.11.16

v0.11.2

v0.11.3

v0.11.4

v0.11.5

v0.11.6

v0.11.7

v0.11.8

v0.11.9

v0.12.0

v0.12.1

v0.12.10

v0.12.11

v0.12.12

v0.12.13

v0.12.14

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.12.6

v0.12.7

v0.12.8

v0.12.9

v1.*

v1.0.0

v1.0.0-release

v1.0.1

v1.0.1-release

v1.0.2

v1.0.2-release

v1.0.3

v1.0.4

v1.1.0

v1.2.0

v1.3.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.7.0

v1.7.1

v1.8.1

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.4.0

v2.5.0

v3.*

v3.0.0

v4.*

v4.0.0

v4.1.0

v4.1.1

v4.1.2

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.3.0

v4.3.1

v4.3.2

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v5.*

v5.0.0

v5.1.0

v5.1.1

v5.10.0

v5.10.1

v5.11.1

v5.2.0

v5.3.0

v5.4.0

v5.4.1

v5.5.0

v5.6.0

v5.7.0

v5.7.1

v5.8.0

v5.9.0

v5.9.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1669.json"

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type: GIT
Repo: https://github.com/phpmyadmin/phpmyadmin
Events: Introduced

2df5f88ea8a59485befb02d6763e96d4666a0887

Fixed

dba2af651a53d5037296a1dc827081a94ef1062c

Affected versions

Other

RELEASE_4_2_0

RELEASE_4_2_10

RELEASE_4_2_10_1

RELEASE_4_2_13

RELEASE_4_2_13_1

RELEASE_4_2_7

RELEASE_4_2_7_1

RELEASE_4_2_8

RELEASE_4_2_9

RELEASE_4_2_9_1

RELEASE_4_3_0ALPHA1

RELEASE_4_3_0BETA1

RELEASE_4_3_0RC1

RELEASE_4_3_0RC2

RELEASE_4_4_0ALPHA1

RELEASE_4_4_1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1669.json"

Git / github.com/v8/v8

Affected ranges

Type: GIT
Repo: https://github.com/v8/v8
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

86aa944825a96e2fe80e85f479e4a805d0868cf9

Affected versions

3.*

3.21.18

3.26.30

3.28.33

3.28.34

3.28.36

3.28.37

3.28.39

3.28.40

3.28.41

3.28.42

3.28.44

3.28.46

3.28.47

3.28.49

3.28.55

3.28.56

3.28.58

3.28.61

3.28.63

3.28.66

3.28.67

3.28.68

3.28.70

3.28.72

3.29.1

3.29.12

3.29.13

3.29.15

3.29.18

3.29.19

3.29.2

3.29.21

3.29.22

3.29.26

3.29.28

3.29.3

3.29.30

3.29.31

3.29.32

3.29.33

3.29.34

3.29.36

3.29.37

3.29.39

3.29.4

3.29.42

3.29.44

3.29.45

3.29.46

3.29.47

3.29.48

3.29.49

3.29.5

3.29.51

3.29.52

3.29.54

3.29.55

3.29.56

3.29.58

3.29.6

3.29.60

3.29.61

3.29.62

3.29.63

3.29.65

3.29.67

3.29.68

3.29.69

3.29.7

3.29.71

3.29.72

3.29.73

3.29.76

3.29.77

3.29.79

3.29.8

3.29.80

3.29.85

3.29.86

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1669.json"