CVE-2013-6639

Upstream information

CVE-2013-6639 at MITRE

Description

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 854473 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SU-2019:14246-1, published Wed Dec 11 13:19:40 MST 2019
• openSUSE-SU-2013:1927-1, published Mon, 23 Dec 2013 15:04:16 +0100 (CET)
• openSUSE-SU-2013:1933-1, published Mon, 23 Dec 2013 15:06:12 +0100 (CET)
• openSUSE-SU-2013:1960-1, published Wed, 25 Dec 2013 18:09:56 +0100 (CET)
• openSUSE-SU-2013:1962-1, published Wed, 25 Dec 2013 18:10:24 +0100 (CET)
• openSUSE-SU-2014:0065-1, published Wed, 15 Jan 2014 11:04:14 +0100 (CET)
• openSUSE-SU-2014:0092-1, published Mon, 20 Jan 2014 12:04:16 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Web Scripting 15 SP1	nodejs8 >= 8.15.1-3.14.1 nodejs8-devel >= 8.15.1-3.14.1 nodejs8-docs >= 8.15.1-3.14.1 npm8 >= 8.15.1-3.14.1
SUSE Linux Enterprise Module for Web Scripting 15	nodejs8 >= 8.11.1-1.19 nodejs8-devel >= 8.11.1-1.19 nodejs8-docs >= 8.11.1-1.19 npm8 >= 8.11.1-1.19
SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS	MozillaFirefox >= 68.2.0-78.51.4 MozillaFirefox-branding-SLED >= 68-21.9.8 MozillaFirefox-translations-common >= 68.2.0-78.51.4 MozillaFirefox-translations-other >= 68.2.0-78.51.4 firefox-atk >= 2.26.1-2.8.4 firefox-atk-lang >= 2.26.1-2.8.4 firefox-cairo >= 1.15.10-2.13.4 firefox-gdk-pixbuf >= 2.36.11-2.8.4 firefox-gdk-pixbuf-lang >= 2.36.11-2.8.4 firefox-gdk-pixbuf-query-loaders >= 2.36.11-2.8.4 firefox-gdk-pixbuf-thumbnailer >= 2.36.11-2.8.4 firefox-gio-branding-upstream >= 2.54.3-2.14.7 firefox-glib2 >= 2.54.3-2.14.7 firefox-glib2-lang >= 2.54.3-2.14.7 firefox-glib2-tools >= 2.54.3-2.14.7 firefox-gtk3 >= 3.10.9-2.15.3 firefox-gtk3-branding-upstream >= 3.10.9-2.15.3 firefox-gtk3-data >= 3.10.9-2.15.3 firefox-gtk3-immodule-amharic >= 3.10.9-2.15.3 firefox-gtk3-immodule-inuktitut >= 3.10.9-2.15.3 firefox-gtk3-immodule-multipress >= 3.10.9-2.15.3 firefox-gtk3-immodule-thai >= 3.10.9-2.15.3 firefox-gtk3-immodule-vietnamese >= 3.10.9-2.15.3 firefox-gtk3-immodule-xim >= 3.10.9-2.15.3 firefox-gtk3-immodules-tigrigna >= 3.10.9-2.15.3 firefox-gtk3-lang >= 3.10.9-2.15.3 firefox-gtk3-tools >= 3.10.9-2.15.3 firefox-harfbuzz >= 1.7.5-2.7.4 firefox-libatk-1_0-0 >= 2.26.1-2.8.4 firefox-libcairo-gobject2 >= 1.15.10-2.13.4 firefox-libcairo2 >= 1.15.10-2.13.4 firefox-libffi >= 3.2.1.git259-2.3.3 firefox-libffi-gcc5 >= 5.3.1+r233831-14.1 firefox-libffi4 >= 5.3.1+r233831-14.1 firefox-libffi7 >= 3.2.1.git259-2.3.3 firefox-libgdk_pixbuf-2_0-0 >= 2.36.11-2.8.4 firefox-libgtk-3-0 >= 3.10.9-2.15.3 firefox-libharfbuzz0 >= 1.7.5-2.7.4 firefox-libpango-1_0-0 >= 1.40.14-2.7.4 firefox-pango >= 1.40.14-2.7.4 libfirefox-gio-2_0-0 >= 2.54.3-2.14.7 libfirefox-glib-2_0-0 >= 2.54.3-2.14.7 libfirefox-gmodule-2_0-0 >= 2.54.3-2.14.7 libfirefox-gobject-2_0-0 >= 2.54.3-2.14.7 libfirefox-gthread-2_0-0 >= 2.54.3-2.14.7 libfreebl3 >= 3.45-38.9.3 libfreebl3-32bit >= 3.45-38.9.3 libsoftokn3 >= 3.45-38.9.3 libsoftokn3-32bit >= 3.45-38.9.3 mozilla-nspr >= 4.21-29.6.1 mozilla-nspr-32bit >= 4.21-29.6.1 mozilla-nspr-devel >= 4.21-29.6.1 mozilla-nss >= 3.45-38.9.3 mozilla-nss-32bit >= 3.45-38.9.3 mozilla-nss-certs >= 3.45-38.9.3 mozilla-nss-certs-32bit >= 3.45-38.9.3 mozilla-nss-devel >= 3.45-38.9.3 mozilla-nss-tools >= 3.45-38.9.3	Patchnames: slessp4-firefox-201910-14246
openSUSE 12.3	chromedriver >= 31.0.1650.63-1.21.1 chromedriver-debuginfo >= 31.0.1650.63-1.21.1 chromium >= 31.0.1650.63-1.21.1 chromium-debuginfo >= 31.0.1650.63-1.21.1 chromium-debugsource >= 31.0.1650.63-1.21.1 chromium-desktop-gnome >= 31.0.1650.63-1.21.1 chromium-desktop-kde >= 31.0.1650.63-1.21.1 chromium-ffmpegsumo >= 31.0.1650.63-1.21.1 chromium-ffmpegsumo-debuginfo >= 31.0.1650.63-1.21.1 chromium-suid-helper >= 31.0.1650.63-1.21.1 chromium-suid-helper-debuginfo >= 31.0.1650.63-1.21.1 libv8-3 >= 3.22.24.8-2.4.1 libv8-3-debuginfo >= 3.22.24.8-2.4.1 v8 >= 3.22.24.8-2.4.1 v8-devel >= 3.22.24.8-2.4.1 v8-private-headers-devel >= 3.22.24.8-2.4.1	Patchnames: openSUSE-2013-1000 openSUSE-2013-1025
openSUSE 13.1	chromedriver >= 31.0.1650.63-13.7 chromedriver-debuginfo >= 31.0.1650.63-13.7 chromium >= 31.0.1650.63-13.7 chromium-debuginfo >= 31.0.1650.63-13.7 chromium-debugsource >= 31.0.1650.63-13.7 chromium-desktop-gnome >= 31.0.1650.63-13.7 chromium-desktop-kde >= 31.0.1650.63-13.7 chromium-ffmpegsumo >= 31.0.1650.63-13.7 chromium-ffmpegsumo-debuginfo >= 31.0.1650.63-13.7 chromium-suid-helper >= 31.0.1650.63-13.7 chromium-suid-helper-debuginfo >= 31.0.1650.63-13.7 libv8-3 >= 3.22.24.8-2.4.1 libv8-3-debuginfo >= 3.22.24.8-2.4.1 v8 >= 3.22.24.8-2.4.1 v8-devel >= 3.22.24.8-2.4.1 v8-private-headers-devel >= 3.22.24.8-2.4.1	Patchnames: openSUSE-2013-1026 openSUSE-2014-37
openSUSE Leap 15.0	chromium >= 66.0.3359.170-lp150.1.1	Patchnames: openSUSE Leap 15.0 GA chromium
openSUSE Tumbleweed	chromedriver >= 55.0.2883.75-3.1 chromium >= 55.0.2883.75-3.1 libv8-5 >= 5.3.171-4.1 v8 >= 5.3.171-4.1 v8-devel >= 5.3.171-4.1 v8-private-headers-devel >= 5.3.171-4.1	Patchnames: openSUSE Tumbleweed GA chromedriver openSUSE Tumbleweed GA libv8-5