NVD

Id
20509  
Name
CVE-2016-5171  
Description
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-09-25  
Modified Date
2017-01-06  
Seq
2016-5171  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
112364 20509 CVE-2016-5171 DSA-3667  View
112365 20509 CVE-2016-5171 92942  View
112366 20509 CVE-2016-5171 https://codereview.chromium.org/2306023002  View
112367 20509 CVE-2016-5171 https://crbug.com/643357  View
112368 20509 CVE-2016-5171 https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
4140 JVNDB-2016-004913 Google Chrome で使用される Blink におけるサービス運用妨害 (DoS) の脆弱性 Google Chrome で使用される Blink の WebKit/Source/bindings/templates/interface.cpp は、特定のコンストラクタ呼び出しを制限しないため、サービス運用妨害 (解放済みメモリの使用 (use-after-free)) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2016-5171 91677 CVE-2016-5171 20509 6.8 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004913.html 2016-09-13 2016-09-28 View