CVE-2015-6764 - OpenCVE

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Nodejs	Node.js
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
http://www.debian.org/security/2015/dsa-3415
http://www.securityfocus.com/bid/78209
http://www.securitytracker.com/id/1034298
https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc
https://code.google.com/p/chromium/issues/detail?id=554946
https://codereview.chromium.org/1440223002
https://security.gentoo.org/glsa/201603-09

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2015-12-06T01:00:00

Updated: 2017-09-13T09:57:01

Reserved: 2015-08-31T00:00:00

Link: CVE-2015-6764

JSON object: View

NVD Information

Status : Modified

Published: 2015-12-06T01:59:00.103

Modified: 2023-11-07T02:27:04.260

Link: CVE-2015-6764

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-13T09:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=554946"}, {"name": "openSUSE-SU-2016:0138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc"}, {"name": "openSUSE-SU-2015:2290", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.chromium.org/1440223002"}, {"name": "GLSA-201603-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-09"}, {"name": "DSA-3415", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3415"}, {"name": "78209", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/78209"}, {"name": "openSUSE-SU-2015:2291", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"}, {"name": "1034298", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034298"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-6764", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=554946", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=554946"}, {"name": "openSUSE-SU-2016:0138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"name": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc", "refsource": "CONFIRM", "url": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc"}, {"name": "openSUSE-SU-2015:2290", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"}, {"name": "https://codereview.chromium.org/1440223002", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1440223002"}, {"name": "GLSA-201603-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-09"}, {"name": "DSA-3415", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3415"}, {"name": "78209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78209"}, {"name": "openSUSE-SU-2015:2291", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"}, {"name": "1034298", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034298"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-6764", "datePublished": "2015-12-06T01:00:00", "dateReserved": "2015-08-31T00:00:00", "dateUpdated": "2017-09-13T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C12CC8E6-3341-4505-99CF-384840C20815", "versionEndIncluding": "46.0.2490.86", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "F4D8C744-2E80-4113-BF7C-C1C6EBF59C0B", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "360FA963-ABA7-40BE-84B0-413FAE70B101", "versionEndIncluding": "5.1.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code."}, {"lang": "es", "value": "La funci\u00f3n BasicJsonStringifier::SerializeJSArray en json-stringifier.h en el stringifier JSON en Google V8, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, carga indebidamente elementos de un array, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso a memoria fuera de rango) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript manipulado."}], "id": "CVE-2015-6764", "lastModified": "2023-11-07T02:27:04.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-12-06T01:59:00.103", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2015/dsa-3415"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/78209"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1034298"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=554946"}, {"source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/1440223002"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201603-09"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}