Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-6638 from the MITRE CVE dictionary dictionary and NIST NVD.
Not Vulnerable. This issue only affects versions of v8 that support typed arrays. This issue does not affect the versions of v8 as shipped with various Red Hat products.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | v8 | Not affected |
| Red Hat Subscription Asset Manager 1 | ruby193-v8 | Not affected |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | v8314-v8 | Not affected |
| Red Hat Satellite 6 | v8 | Not affected |
| Red Hat OpenShift Enterprise 2 | v8 | Not affected |
| Red Hat OpenShift Enterprise 1 | ruby193-v8 | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | v8 | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | ruby193-v8 | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | v8 | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | ruby193-v8 | Not affected |
Vulmon