Bug 1013715 - (CVE-2016-9642) VUL-1: CVE-2016-9642: webkitgtk,webkitgtk3: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/176873/
CVSSv2:SUSE:CVE-2016-9642:4.3:(AV:N/A...
Reported: 2016-12-05 16:47 UTC by Marcus Meissner
Modified: 2020-06-29 06:26 UTC (History)

Found By: Security Response Team


Description Marcus Meissner 2016-12-05 16:47:21 UTC
CVE-2016-9642


    https://bugs.webkit.org/show_bug.cgi?id=164000


    AddressSanitizer: heap-buffer-overflow
    READ of size 16


        #0 0x7ffff67f04af in WTF::(anonymous namespace)::lockHashtable()
    (/home/g/Work/Code/webkit-master/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18+0x20cc4af)
        #1 0x7ffff67f1b6c in WTF::ParkingLot::parkConditionallyImpl(void
    const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()>
    const&, std::chrono::time_point<std::chrono::_V2::steady_clock,
    std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)
    (/home/g/Work/Code/webkit-master/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18+0x20cdb6c)
        #2 0x7ffff67cc1cb in std::_Function_handler<void (),
    WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase>
    const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&)
    (/home/g/Work/Code/webkit-master/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18+0x20a81cb)


    After a month, I received no response from the original bug report in the
    webkit bug tracker. Additionally, Chrome / Chromium is not affected.


Use CVE-2016-9642.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9642
http://seclists.org/oss-sec/2016/q4/533
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9642.html
Comment 1 Swamp Workflow Management 2016-12-05 23:04:12 UTC
bugbot adjusting priority