QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-3195

Back to search

CVE-2014-3195

Published: Oct 8, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2014:1626
vendor-advisory
x_refsource_REDHAT
https://crbug.com/403409
x_refsource_CONFIRM
70273
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now