CVE-2018-6142 - Vulnerability Details - OpenCVE

Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.003.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome
Redhat	Rhel Extras

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Supplementary
chromium-browser-0:67.0.3396.62-2.el6_9	cpe:/a:redhat:rhel_extras:6	RHSA-2018:1815	2018-06-07T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-4237-1	chromium-browser security update
EUVD	EUVD-2018-17905	Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
https://crbug.com/837939
https://nvd.nist.gov/vuln/detail/CVE-2018-6142
https://www.cve.org/CVERecord?id=CVE-2018-6142

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2019-06-27T16:13:42

Updated: 2024-08-05T05:54:53.159Z

Reserved: 2018-01-23T00:00:00

Link: CVE-2018-6142

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-06-27T17:15:12.787

Modified: 2024-11-21T04:10:09.050

Link: CVE-2018-6142

Redhat

Severity : Moderate

Publid Date: 2018-05-29T00:00:00Z

Links: CVE-2018-6142 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "67.0.3396.62", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."}], "problemTypes": [{"descriptions": [{"description": "Out of bounds read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-27T16:13:42", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/837939"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2018-6142", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "67.0.3396.62"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out of bounds read"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"}, {"name": "https://crbug.com/837939", "refsource": "MISC", "url": "https://crbug.com/837939"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:54:53.159Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/837939"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2018-6142", "datePublished": "2019-06-27T16:13:42", "dateReserved": "2018-01-23T00:00:00", "dateUpdated": "2024-08-05T05:54:53.159Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "350949F0-83A1-46DE-87DD-A39116F6F1CC", "versionEndExcluding": "67.0.3396.62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."}, {"lang": "es", "value": "el fallo en la verificaci\u00f3n de los l\u00edmites de la matriz en V8 en Google Chrome antes de 67.0.3396.62 permiti\u00f3 a un atacante remoto realizar una lectura de memoria fuera de los l\u00edmites a trav\u00e9s de un archivo PDF dise\u00f1ado."}], "id": "CVE-2018-6142", "lastModified": "2024-11-21T04:10:09.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-27T17:15:12.787", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/837939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/837939"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}