Bug 1094858 – CVE-2014-1736 v8: integer overflow can lead to a remote denial of service

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1094858 - (CVE-2014-1736) CVE-2014-1736 v8: integer overflow can lead to a remote denial of service

Summary:	CVE-2014-1736 v8: integer overflow can lead to a remote denial of service

Status:	CLOSED NOTABUG

Aliases:	CVE-2014-1736

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140424,repor...
Keywords:	Security

Depends On:	1094892 1094893
Blocks:	1091840
	Show dependency tree / graph

Reported:	2014-05-06 11:50 EDT by Vincent Danen
Modified:	2016-04-26 20:47 EDT (History)
CC List:	51 users (show)

See Also:
Fixed In Version:	v8 3.24.35.33
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-06-16 15:37:21 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Vincent Danen 2014-05-06 11:50:30 EDT

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1736 to
the following vulnerability:

Name: CVE-2014-1736
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1736
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Reference: https://code.google.com/p/chromium/issues/detail?id=359802
Reference: https://code.google.com/p/v8/source/detail?r=20519
Reference: https://code.google.com/p/v8/source/detail?r=20525
Reference: SECUNIA:58301
Reference: http://secunia.com/advisories/58301

Integer overflow in api.cc in Google V8, as used in Google Chrome
before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on
Linux, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a large length value.


A quick examination of the code in Fedora shows that it is likely affected although the upstream patches would require some massaging to apply.

Comment 1 Vincent Danen 2014-05-06 13:10:06 EDT

Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 1094892]
Affects: epel-6 [bug 1094893]

Comment 2 Tomas Hoger 2014-06-16 15:37:21 EDT

(In reply to Vincent Danen from comment #0)
> https://code.google.com/p/v8/source/detail?r=20519

This commit was later reverted as incorrect, see:
https://code.google.com/p/v8/source/detail?r=20520

> https://code.google.com/p/v8/source/detail?r=20525

This is not applicable to v8 3.14.

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
ayoung
bdunne
bkearney
bleanhar
briang
cbillett
ccoleman
chrisw
cpelland
dajohnso
dallan
dclarizi
dmcphers
drieden
gkotton
gmccullo
jamielinux
jdetiber
jfrey
jialiu
jkeck
jokerman
jomara
jorton
jprause
jrafanie
katello-bugs
kseifried
lhh
lmeyer
markmc
mfeifer
mmaslano
mmccomas
mmccune
obarenbo
rbryant
rhos-maint
sclewis
tcallawa
tchollingsworth
thrcka
tjay
tkramer
tomckay
tomspur
xlecauch
yeylon