製品・ソフトウェアに関する情報

JVN脆弱性詳細

Google Chrome の V8 におけるサービス運用妨害 (DoS) の脆弱性

Title	Google Chrome の V8 におけるサービス運用妨害 (DoS) の脆弱性
Summary	Google Chrome の V8 には、解放済みメモリの使用 (Use-after-free) により、サービス運用妨害 (クラッシュ) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。
Possible impacts	リモートの攻撃者により、サービス運用妨害 (クラッシュ) 状態にされるにされるなど、不特定の影響を受ける脆弱性が存在します。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 29, 2016, midnight
Registration Date	June 9, 2017, 7:20 p.m.
Last Update	June 9, 2017, 7:20 p.m.

CVSS3.0 : 重要
Score	8.8
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

レッドハット

Red Hat Enterprise Linux Server Supplementary 6.0

Red Hat Enterprise Linux Workstation Supplementary 6.0

Debian

Debian GNU/Linux 8.0

Fedora Project

Fedora 24

Fedora 25

Google

Google Chrome 53.0.2785.143 未満

openSUSE project

openSUSE 13.2

openSUSE Leap 42.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-5177	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5177
National Vulnerability Database (NVD)
2	CVE-2016-5177	https://nvd.nist.gov/vuln/detail/CVE-2016-5177

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-3683	https://www.debian.org/security/2016/dsa-3683
Fedora Update Notification
2	FEDORA-2016-a90040934d	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNUTOWCXLWVXOTGQUS53DSRVTO3J226Z/
3	FEDORA-2016-d61c4f72da	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FWZVE5PX27FWPLGOPDA7ZC5MILOWN6K/
Google
4	Stable Channel Update	https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html
Google Chrome
5	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
opensuse-security-announce
6	openSUSE-SU-2016:2429	https://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html
7	openSUSE-SU-2016:2432	https://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html
Red Hat Bugzilla
8	Bug 1380631	https://bugzilla.redhat.com/show_bug.cgi?id=1380631
Red Hat Customer Portal
9	RHSA-2016:2007	http://rhn.redhat.com/errata/RHSA-2016-2007.html

Change Log

No	Changed Details	Date of change
0	[2017年06月09日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-5177

Summary	Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
Publication Date	May 23, 2017, 1:29 p.m.
Registration Date	Jan. 26, 2021, 2:13 p.m.
Last Update	Nov. 21, 2024, 11:53 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::			53.0.2785.129

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:25:::::::*
cpe:2.3:o:fedoraproject:fedora:24:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html
2	http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html
3	http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html
4	http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html
5	http://rhn.redhat.com/errata/RHSA-2016-2007.html
6	http://rhn.redhat.com/errata/RHSA-2016-2007.html
7	http://www.debian.org/security/2016/dsa-3683
8	http://www.debian.org/security/2016/dsa-3683
9	http://www.securityfocus.com/bid/93238
10	http://www.securityfocus.com/bid/93238
11	http://www.securitytracker.com/id/1036970
12	http://www.securitytracker.com/id/1036970
13	https://bugzilla.redhat.com/show_bug.cgi?id=1380631
14	https://bugzilla.redhat.com/show_bug.cgi?id=1380631
15	https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html
16	https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html
17	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FWZVE5PX27FWPLGOPDA7ZC5MILOWN6K/
18	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FWZVE5PX27FWPLGOPDA7ZC5MILOWN6K/
19	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNUTOWCXLWVXOTGQUS53DSRVTO3J226Z/
20	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNUTOWCXLWVXOTGQUS53DSRVTO3J226Z/
21	https://security.gentoo.org/glsa/201610-09
22	https://security.gentoo.org/glsa/201610-09

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html