Launchpad CVE tracker

CVE 2013-6640

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.

Related bugs and status

CVE-2013-6640 (Candidate) is related to these bugs:

Bug #1249389: linker complains of PIC instruction on object file not compiled as PIC

Summary				In	Importance	Status
	1249389	linker complains of PIC instruction on object file not compiled as PIC		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1250579: Security fixes from 31.0.1650.48

Summary				In	Importance	Status
	1250579	Security fixes from 31.0.1650.48		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1251454: chromium-browser fails to depend on a compatible version of libnss3

Summary				In	Importance	Status
	1251454	chromium-browser fails to depend on a compatible version of libnss3		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1837038: Broken and defunct libv8-3.14 urgently needs removal

Summary				In	Importance	Status
	1837038	Broken and defunct libv8-3.14 urgently needs removal		libv8-3.14 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6640

References