WebKit JavaScriptCore MacroAssemblerARM64.h operatorString out-of-bounds

A vulnerability, which was classified as problematic, was found in WebKit. This affects the function operatorString of the file assembler/MacroAssemblerARM64.h of the component JavaScriptCore. The manipulation leads to out-of-bounds read. The CWE definition for the vulnerability is CWE-125. The bug was discovered 04/01/2017. The weakness was disclosed 04/03/2017 as 209295 (Website). The advisory is shared at bugs.webkit.org. This vulnerability is uniquely identified as CVE-2016-10226. It is possible to initiate the attack remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field04/03/2017 04:55 PM08/25/2020 11:27 AM11/24/2022 05:34 PM
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1491177600 (04/03/2017)1491177600 (04/03/2017)1491177600 (04/03/2017)
urlhttps://bugs.webkit.org/show_bug.cgi?id=165091https://bugs.webkit.org/show_bug.cgi?id=165091https://bugs.webkit.org/show_bug.cgi?id=165091
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2016-10226CVE-2016-10226CVE-2016-10226
cve_assigned1487289600 (02/17/2017)1487289600 (02/17/2017)1487289600 (02/17/2017)
cve_nvd_published149117760014911776001491177600
cve_nvd_summaryJavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.
seealso992369923699236
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days222
cvss3_nvd_basescore7.57.57.5
typeWeb BrowserWeb BrowserWeb Browser
nameWebKitWebKitWebKit
componentJavaScriptCoreJavaScriptCoreJavaScriptCore
fileassembler/MacroAssemblerARM64.hassembler/MacroAssemblerARM64.hassembler/MacroAssemblerARM64.h
functionoperatorStringoperatorStringoperatorString
cwe125 (out-of-bounds)125 (out-of-bounds)125 (out-of-bounds)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore4.34.34.3
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiPPP
cvss3_meta_basescore5.95.95.9
cvss3_meta_tempscore5.95.95.9
cvss3_vuldb_basescore4.34.34.3
cvss3_vuldb_tempscore4.34.34.3
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
confirm_urlhttps://bugs.webkit.org/show_bug.cgi?id=165091https://bugs.webkit.org/show_bug.cgi?id=165091
osvdb_titleCVE-2016-10226 - WebKit - Out-of-Bounds Read IssueCVE-2016-10226 - WebKit - Out-of-Bounds Read Issue
discoverydate14910048001491004800
identifier209295
cvss2_nvd_basescore5.0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!