Hide Forgot
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6638 to the following vulnerability: Name: CVE-2013-6638 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638 Assigned: 20131105 Reference: http://www.mail-archive.com/v8-dev@googlegroups.com/msg79646.html Reference: http://code.google.com/p/v8/source/detail?r=17800 Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html Reference: https://code.google.com/p/chromium/issues/detail?id=319722 Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.
Created v8 tracking bugs for this issue: Affects: fedora-all [bug 1039892] Affects: epel-6 [bug 1039893]
This does not appear to affect v8-3.14.5.10 stable version used by Fedora for node.js. The TypedArray class affected does not exist in this version.
(In reply to T.C. Hollingsworth from comment #2) > This does not appear to affect v8-3.14.5.10 stable version used by Fedora > for node.js. The TypedArray class affected does not exist in this version. Same appears to be true for the ruby193-v8 versions as shipped by openstack,openshift,cloudforms, satellite and sam.
Statement: Not Vulnerable. This issue only affects versions of v8 that support typed arrays. This issue does not affect the versions of v8 as shipped with various Red Hat products.