Search for vulnerabilities
Vulnerability details: VCID-uadj-mq73-aaap
Vulnerability ID VCID-uadj-mq73-aaap
Aliases CVE-2015-6764
Summary The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Medium http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6764.html
rhas Critical https://access.redhat.com/errata/RHSA-2015:2545
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.02092 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13575 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.13719 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
epss 0.32179 https://api.first.org/data/v1/epss?cve=CVE-2015-6764
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1285774
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1302
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786
generic_textual Medium https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-6764
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2015-6764
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2015-6764
Reference id Reference type URL
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6764.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6764.json
https://api.first.org/data/v1/epss?cve=CVE-2015-6764
https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc
https://code.google.com/p/chromium/issues/detail?id=554946
https://codereview.chromium.org/1440223002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786
https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
https://security.gentoo.org/glsa/201603-09
http://www.debian.org/security/2015/dsa-3415
http://www.securityfocus.com/bid/78209
http://www.securitytracker.com/id/1034298
1285774 https://bugzilla.redhat.com/show_bug.cgi?id=1285774
806385 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2015-6764 https://nvd.nist.gov/vuln/detail/CVE-2015-6764
RHSA-2015:2545 https://access.redhat.com/errata/RHSA-2015:2545
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-6764
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-6764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-6764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.89433
EPSS Score 0.02092
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.