CVE-2016-5142

General

Score: 7.5/10.0
Severity: High
Category: Resource Management Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146, CVE-2016-5147, CVE-2016-5148, CVE-2016-5150, CVE-2016-5153, CVE-2016-5155, CVE-2016-5156, CVE-2016-5161, CVE-2016-5164, CVE-2016-5165, CVE-2016-5167

Published on 07/08/16 - Updated on 01/07/17

Description

The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.

Category: Resource Management Error

CWE-416 (Use After Free)
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Security Notices

US National Vulnerability Database CVE-2016-5142
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-261
Arch Linux ASA-201608-16
Debian DSA-3645-1
Red Hat RHSA-2016:1580
Ubuntu USN-3058-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: google
Product: chrome
