CVE-2014-3152

Description

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

References

Link	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157363.html	vendor advisory
https://code.google.com/p/v8/source/detail?r=20363
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157338.html	vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157357.html	vendor advisory
http://www.debian.org/security/2014/dsa-2939	vendor advisory
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
http://secunia.com/advisories/60372	third party advisory
http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html	vendor advisory
https://code.google.com/p/chromium/issues/detail?id=358057
http://secunia.com/advisories/59155	third party advisory
http://secunia.com/advisories/58920	third party advisory
http://www.securitytracker.com/id/1030270	vdb entry

Frequently Asked Questions

What is the severity of CVE-2014-3152?: CVE-2014-3152 has been scored as a high severity vulnerability.
How to fix CVE-2014-3152?: To fix CVE-2014-3152, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2014-3152 being actively exploited in the wild?: It is possible that CVE-2014-3152 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-189 – Numeric Errors

References

Frequently Asked Questions