VDB

CVE-2016-1646

CVE-2016-1646 PUBLISHED KEV

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

EPSS 66.91% · 98.6th percentile

Risk Scores

EPSS Score
66.91%
98.6th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSlibv8-3.140, 3.14.5.8-11ubuntu1
Ubuntu:16.04:LTSchromium-browser0, 47.0.2526.73-0ubuntu1.1218, 48.0.2564.82-0ubuntu1.1222
Ubuntu:16.04:LTSlibv8-3.143.14.5.8-5ubuntu2, 0
Ubuntu:14.04:LTSchromium-browser47.0.2526.106-0ubuntu0.14.04.1.1107, 0, 29.0.1547.65-0ubuntu2
Ubuntu:14.04:LTSoxide-qt1.6.5-0ubuntu0.14.04.1, 1.12.5-0ubuntu0.14.04.1, 1.9.5-0ubuntu0.14.04.1
Ubuntu:16.04:LTSoxide-qt0, 1.9.5-0ubuntu1, 1.10.3-0ubuntu0.15.10.1

Exploit Intelligence

…and 26 more exploits

Timeline

  • Mar 29, 2016 CVE Published
  • Sep 24, 2019 VulnCheck KEV Exploitation
  • Sep 25, 2019 PoC Published
  • Oct 9, 2020 PoC Published
  • Feb 4, 2022 EPSS Score
  • Jun 8, 2022 CISA KEV Added
  • Jun 14, 2023 PoC Published
  • Nov 8, 2023 EPSS Score
  • Dec 5, 2024 VulnCheck KEV Exploitation
  • Dec 17, 2024 EPSS Score
  • Dec 24, 2024 PoC Published
  • Feb 23, 2025 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›