製品・ソフトウェアに関する情報

JVN脆弱性詳細

Google Chrome で使用される Google V8 の zone.cc の Zone::New 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	Google Chrome で使用される Google V8 の zone.cc の Zone::New 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	Google Chrome で使用される Google V8 の zone.cc の Zone::New 関数は、特定のメモリ割り当てへの展開のタイミングを適切に判断しないため、サービス運用妨害 (バッファオーバーフロー) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された JavaScript コードを介して、サービス運用妨害 (バッファオーバーフロー) 状態にされるなど、不特定の影響を受ける脆弱性可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 11, 2016, midnight
Registration Date	May 20, 2016, 4:49 p.m.
Last Update	May 20, 2016, 4:49 p.m.

CVSS3.0 : 重要
Score	8.8
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

Google

Google Chrome 50.0.2661.102 未満

V8 JavaScript Engine 5.0.71.47 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-1669	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
National Vulnerability Database (NVD)
2	CVE-2016-1669	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1669

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Chromium Code Reviews
1	Issue 1945313002	https://codereview.chromium.org/1945313002
Google
2	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
3	Stable Channel Update	http://googlechromereleases.blogspot.jp/2016/05/stable-channel-update.html

Change Log

No	Changed Details	Date of change
0	[2016年05月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-1669

Summary	The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Publication Date	May 15, 2016, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:07 p.m.
Last Update	Nov. 21, 2024, 11:46 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::			50.0.2661.87

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:google:v8::::::::			5.0.71

Configuration5	or higher	or less	more than	less than
cpe:2.3:a:nodejs:node.js:::::-:::*	4.0.0	4.1.2
cpe:2.3:a:nodejs:node.js::::::::	0.12.0			0.12.15
cpe:2.3:a:nodejs:node.js::::::::	0.10.0			0.10.46
cpe:2.3:a:nodejs:node.js:::::lts:::*	4.2.0			4.4.6
cpe:2.3:a:nodejs:node.js:::::-:::*	6.0.0	6.2.0
cpe:2.3:a:nodejs:node.js:::::-:::*	5.0.0			5.12.0

Configuration6	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Related information, measures and tools

No	URL	refsource	タグ
1	http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
2	http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
3	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
4	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
5	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
6	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
7	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
8	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
9	http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
10	http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
11	http://rhn.redhat.com/errata/RHSA-2016-1080.html
12	http://rhn.redhat.com/errata/RHSA-2016-1080.html
13	http://rhn.redhat.com/errata/RHSA-2017-0002.html
14	http://rhn.redhat.com/errata/RHSA-2017-0002.html
15	http://www.debian.org/security/2016/dsa-3590
16	http://www.debian.org/security/2016/dsa-3590
17	http://www.securityfocus.com/bid/90584
18	http://www.securityfocus.com/bid/90584
19	http://www.securitytracker.com/id/1035872
20	http://www.securitytracker.com/id/1035872
21	http://www.ubuntu.com/usn/USN-2960-1
22	http://www.ubuntu.com/usn/USN-2960-1
23	https://access.redhat.com/errata/RHSA-2017:0879
24	https://access.redhat.com/errata/RHSA-2017:0879
25	https://access.redhat.com/errata/RHSA-2017:0880
26	https://access.redhat.com/errata/RHSA-2017:0880
27	https://access.redhat.com/errata/RHSA-2017:0881
28	https://access.redhat.com/errata/RHSA-2017:0881
29	https://access.redhat.com/errata/RHSA-2017:0882
30	https://access.redhat.com/errata/RHSA-2017:0882
31	https://access.redhat.com/errata/RHSA-2018:0336
32	https://access.redhat.com/errata/RHSA-2018:0336
33	https://codereview.chromium.org/1945313002
34	https://codereview.chromium.org/1945313002
35	https://crbug.com/606115
36	https://crbug.com/606115
37	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
38	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
39	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
40	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
41	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
42	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
43	https://security.gentoo.org/glsa/201605-02
44	https://security.gentoo.org/glsa/201605-02

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html