CVE-2013-6639

EUVD-2013-6441
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 31.0.1650.62
googlechrome
31.0.1650.0
googlechrome
31.0.1650.2
googlechrome
31.0.1650.3
googlechrome
31.0.1650.4
googlechrome
31.0.1650.5
googlechrome
31.0.1650.6
googlechrome
31.0.1650.7
googlechrome
31.0.1650.8
googlechrome
31.0.1650.9
googlechrome
31.0.1650.10
googlechrome
31.0.1650.11
googlechrome
31.0.1650.12
googlechrome
31.0.1650.13
googlechrome
31.0.1650.14
googlechrome
31.0.1650.15
googlechrome
31.0.1650.16
googlechrome
31.0.1650.17
googlechrome
31.0.1650.18
googlechrome
31.0.1650.19
googlechrome
31.0.1650.20
googlechrome
31.0.1650.22
googlechrome
31.0.1650.23
googlechrome
31.0.1650.25
googlechrome
31.0.1650.26
googlechrome
31.0.1650.27
googlechrome
31.0.1650.28
googlechrome
31.0.1650.29
googlechrome
31.0.1650.30
googlechrome
31.0.1650.31
googlechrome
31.0.1650.32
googlechrome
31.0.1650.33
googlechrome
31.0.1650.34
googlechrome
31.0.1650.35
googlechrome
31.0.1650.36
googlechrome
31.0.1650.37
googlechrome
31.0.1650.38
googlechrome
31.0.1650.39
googlechrome
31.0.1650.41
googlechrome
31.0.1650.42
googlechrome
31.0.1650.43
googlechrome
31.0.1650.44
googlechrome
31.0.1650.45
googlechrome
31.0.1650.46
googlechrome
31.0.1650.47
googlechrome
31.0.1650.48
googlechrome
31.0.1650.49
googlechrome
31.0.1650.50
googlechrome
31.0.1650.51
googlechrome
31.0.1650.52
googlechrome
31.0.1650.53
googlechrome
31.0.1650.54
googlechrome
31.0.1650.55
googlechrome
31.0.1650.57
googlechrome
31.0.1650.58
googlechrome
31.0.1650.59
googlechrome
31.0.1650.60
googlechrome
31.0.1650.61
googlev8
𝑥
≤ 3.22.24
googlev8
3.22.0
googlev8
3.22.1
googlev8
3.22.2
googlev8
3.22.3
googlev8
3.22.4
googlev8
3.22.5
googlev8
3.22.6
googlev8
3.22.7
googlev8
3.22.8
googlev8
3.22.9
googlev8
3.22.10
googlev8
3.22.11
googlev8
3.22.12
googlev8
3.22.13
googlev8
3.22.14
googlev8
3.22.15
googlev8
3.22.16
googlev8
3.22.17
googlev8
3.22.18
googlev8
3.22.19
googlev8
3.22.20
googlev8
3.22.21
googlev8
3.22.22
googlev8
3.22.23
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 31.0.1650.63-0ubuntu0.12.04.1~20131204.1
released
quantal
Fixed 31.0.1650.63-0ubuntu0.12.10.1~20131204.1
released
raring
Fixed 31.0.1650.63-0ubuntu0.13.04.1~20131204.1
released
saucy
Fixed 31.0.1650.63-0ubuntu0.13.10.1~20131204.1
released
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
libv8
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
libv8-3.14
lucid
dne
precise
dne
quantal
dne
raring
dne
saucy
ignored
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
qtjsbackend-opensource-src
lucid
dne
precise
dne
quantal
dne
raring
ignored
saucy
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://code.google.com/p/v8/source/detail?r=17801
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00122.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00124.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00063.html
http://secunia.com/advisories/56216
http://secunia.com/advisories/56217
http://www.debian.org/security/2013/dsa-2811
http://www.securitytracker.com/id/1029442
https://code.google.com/p/chromium/issues/detail?id=319835
http://code.google.com/p/v8/source/detail?r=17801
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00122.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00124.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00063.html
http://secunia.com/advisories/56216
http://secunia.com/advisories/56217
http://www.debian.org/security/2013/dsa-2811
http://www.securitytracker.com/id/1029442
https://code.google.com/p/chromium/issues/detail?id=319835