Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6639 to the following vulnerability: Name: CVE-2013-6639 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639 Assigned: 20131105 Reference: http://code.google.com/p/v8/source/detail?r=17801 Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html Reference: https://code.google.com/p/chromium/issues/detail?id=319835 The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
Created v8 tracking bugs for this issue: Affects: fedora-all [bug 1039894] Affects: epel-6 [bug 1039895]
v8-3.14.5.10-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
v8-3.14.5.10-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
v8-3.14.5.10-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
v8-3.14.5.10-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
node.js commit fixing this in embedded v8 copy: https://github.com/joyent/node/commit/39e2426
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1744 https://rhn.redhat.com/errata/RHSA-2014-1744.html