CVE-2016-1677

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-1677
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1677.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-1677
Downstream
Related
Published
2016-06-05T23:59:05.927Z
Modified
2026-06-18T03:57:29.682925757Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "50.0.2661.102"
                }
            ],
            "vendor_product": "google:chrome"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "14.04"
                },
                {
                    "last_affected": "15.10"
                },
                {
                    "last_affected": "16.04"
                }
            ],
            "vendor_product": "canonical:ubuntu_linux"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "42.1"
                }
            ],
            "vendor_product": "opensuse:leap"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "13.2"
                }
            ],
            "vendor_product": "opensuse:opensuse"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux_desktop"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux_server"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux_workstation"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "12.0"
                }
            ],
            "vendor_product": "suse:linux_enterprise"
        }
    ]
}
References

Affected packages

Git / github.com/v8/v8

Affected ranges

Type
GIT
Repo
https://github.com/v8/v8
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
167dc63b4c9a1d0f0fe1b19af93644ac9a561e83
Database specific 
{
    "cpe": "cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.281"
        }
    ]
}

Affected versions

3.*
3.21.18
3.26.30
3.28.33
3.28.34
3.28.36
3.28.37
3.28.39
3.28.40
3.28.41
3.28.42
3.28.44
3.28.46
3.28.47
3.28.49
3.28.55
3.28.56
3.28.58
3.28.61
3.28.63
3.28.66
3.28.67
3.28.68
3.28.70
3.28.72
3.29.1
3.29.12
3.29.13
3.29.15
3.29.18
3.29.19
3.29.2
3.29.21
3.29.22
3.29.26
3.29.28
3.29.3
3.29.30
3.29.31
3.29.32
3.29.33
3.29.34
3.29.36
3.29.37
3.29.39
3.29.4
3.29.42
3.29.44
3.29.45
3.29.46
3.29.47
3.29.48
3.29.49
3.29.5
3.29.51
3.29.52
3.29.54
3.29.55
3.29.56
3.29.58
3.29.6
3.29.60
3.29.61
3.29.62
3.29.63
3.29.65
3.29.67
3.29.68
3.29.69
3.29.7
3.29.71
3.29.72
3.29.73
3.29.76
3.29.77
3.29.79
3.29.8
3.29.80
3.29.85
3.29.86
5.*
5.1.281

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1677.json"