CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html - () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1626.html - () http://rhn.redhat.com/errata/RHSA-2014-1626.html -
References () http://www.securityfocus.com/bid/70273 - () http://www.securityfocus.com/bid/70273 -
References () https://code.google.com/p/v8/source/detail?r=23144 - () https://code.google.com/p/v8/source/detail?r=23144 -
References () https://code.google.com/p/v8/source/detail?r=23268 - () https://code.google.com/p/v8/source/detail?r=23268 -
References () https://crbug.com/403409 - () https://crbug.com/403409 -

07 Nov 2023, 02:20

Type Values Removed Values Added
References (CONFIRM) https://crbug.com/403409 - Patch () https://crbug.com/403409 -
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html -
References (BID) http://www.securityfocus.com/bid/70273 - () http://www.securityfocus.com/bid/70273 -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=23268 - () https://code.google.com/p/v8/source/detail?r=23268 -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=23144 - () https://code.google.com/p/v8/source/detail?r=23144 -
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1626.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2014-1626.html -

Information

Published : 2014-10-08 10:55

Updated : 2024-11-21 02:07


NVD link : CVE-2014-3195

Mitre link : CVE-2014-3195

CVE.ORG link : CVE-2014-3195


JSON object : View

Products Affected

redhat

  • enterprise_linux_workstation_supplementary
  • enterprise_linux_server_supplementary_eus
  • enterprise_linux_server_supplementary
  • enterprise_linux_desktop_supplementary

google

  • chrome
CWE
CWE-399

Resource Management Errors