oss-sec mailing list archives
Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Sat, 26 Nov 2016 14:56:46 -0300
2016-11-11 4:07 GMT-03:00 <cve-assign () mitre org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256We recently found a read out-of-bounds parsing JavaScript code in thelastrevision of WebKitWTF::ParkingLot::parkConditionallyImplCVE IDs for WebKit are typically assigned by Google. Perhaps you are testing WebKit code that is too new to affect Chrome. Possibly applicable references are: https://webkit.org/blog/6161/locking-in-webkit/ https://chromium.googlesource.com/chromium/src/+/master/thir d_party/WebKit/Source/wtf/ https://www.google.com/about/appsecurity/chrome-rewards/ If you can confirm that Chrome is unaffected or that your report wasn't accepted at https://code.google.com/p/chromium/issues/entry?template=Security%20Bug then we can send a CVE ID here.
After a month, i received no response from the original bug report in the webkit bug tracker. Additionally, Chrome / Chromium is not affected.
- -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYJW0PAAoJEHb/MwWLVhi2tAAP/0YPJtWUwAUpo9ei5DxUQpVF nKNQjnUR3lCVGwTGDqD3F9nnoWsyrAePbAYvRyodh/KFBLbdoN9EN6N7l8HaRqgy gbpetQ1WEJECggmarKk1HveIK82g5yfIKsAfk8ybkPl7FvObd60oQiB6TEZaZRZp WqT1eNuJM7fB9f+8GkDhuwMNkq3Q09BMhnM4GOJP8i6afaeh6R9Ih1cVOYwmNxsF c/+6ba2QQbCfN3G1P4Sy/0qt0Iuuh/6iN8aXu+c1Ghajx86/w5sPH5hy9BFusJ1i e3rSYLDVknDY87gKertfHnK1fkRBvlsABVvEdCiY0a0f8e5wCHB/aTx8fgE9RvCn M9767qljP3ea/8GAtSPwwskOx+yMNUJPYBlo6C5NDHW98sCHOlWS4yB3k8zvNWMz vS+skFo/GrqnX3RsuNoOdvpUpwt/mBoTr6sVK/oA9xY9U+lvdGiWCRri5ugSjgSK Dv1VpxzsQHE7fQBy8RJg5AtFS6VTKGAsTy68hAFkSTZV3aEZNJNsoRmdmCRImQs+ jKM7cT4MbSrEUEtEFysPt5AWbe5C8E8dwbhg/FNtZV7Zz+B8n7aRBfdcHMCkG0O9 NsVs9dJkv7w1mOdibownVMvTV/UqzMRr+lzzmUPbeWGetaxmCr3mn6+kx4uKYabH aqWJRCKdup0fmNUs/xSW =2oQn -----END PGP SIGNATURE-----
Current thread:
- CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core Gustavo Grieco (Nov 10)
- Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core cve-assign (Nov 10)
- Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core Gustavo Grieco (Nov 26)
- Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core cve-assign (Nov 10)