NVD

Id
20481  
Name
CVE-2016-5142  
Description
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-08-07  
Modified Date
2016-11-28  
Seq
2016-5142  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
112069 20481 CVE-2016-5142 http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html  View
112070 20481 CVE-2016-5142 openSUSE-SU-2016:1982  View
112071 20481 CVE-2016-5142 openSUSE-SU-2016:1983  View
112072 20481 CVE-2016-5142 RHSA-2016:1580  View
112073 20481 CVE-2016-5142 DSA-3645  View
112074 20481 CVE-2016-5142 92276  View
112075 20481 CVE-2016-5142 1036547  View
112076 20481 CVE-2016-5142 https://codereview.chromium.org/2141843002/  View
112077 20481 CVE-2016-5142 https://crbug.com/626948  View
112078 20481 CVE-2016-5142 FEDORA-2016-e9798eaaa3  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3500 JVNDB-2016-004273 Google Chrome で使用される Blink の Web Cryptography API の実装におけるサービス運用妨害 (DoS) の脆弱性 Google Chrome で使用される Blink の Web Cryptography API (別名 WebCrypto) の実装は、データバッファを適切にコピーしないため、サービス運用妨害 (解放済みメモリの使用 (use-after-free)) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2016-5142 91648 CVE-2016-5142 20481 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004273.html 2016-08-03 2016-08-12 View