CVE-2015-1242

Published: Apr 19, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.

Affected (6)

Products: Canonical: Ubuntu Linux · Google: V8, Chrome · Debian: Debian Linux

1 product

2 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10
Canonical Ubuntu Linux	Version 15.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google V8	Up to 4.2.77.7

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 42.0.2311.60

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

References (22)

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2015-0816.html

Source: chrome-cve-admin@google.com

http://ubuntu.com/usn/usn-2570-1

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2015/dsa-3238

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1032209

Source: chrome-cve-admin@google.com

https://code.google.com/p/chromium/issues/detail?id=460917

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/1000893003

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/1019033004

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201506-04

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0816.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://ubuntu.com/usn/usn-2570-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3238

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032209

Source: af854a3a-2127-422b-91ae-364da2661108

https://code.google.com/p/chromium/issues/detail?id=460917

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/1000893003

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/1019033004

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201506-04

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.