{"id":"CVE-2016-5172","details":"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.","modified":"2026-04-16T06:16:02.731581247Z","published":"2016-09-25T20:59:04.260Z","related":["SUSE-SU-2019:14246-1","openSUSE-SU-2016:2309-1","openSUSE-SU-2016:2311-1","openSUSE-SU-2024:10171-1","openSUSE-SU-2024:12948-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/92942"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036826"},{"type":"WEB","url":"https://codereview.chromium.org/2077283004"},{"type":"WEB","url":"https://crbug.com/616386"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1905.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3667"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-09"},{"type":"ARTICLE","url":"https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"},{"last_affected":"c6a397bce63fc026421e1515b98eec9b8b5a8468"},{"introduced":"0"},{"last_affected":"0d8021e5a4cf0a6aa3a700a361f6d42c2894f2ba"},{"introduced":"0"},{"last_affected":"fa9990f3fb5b06fe94e294925246d2c136deb2c2"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"last_affected":"6.8.1"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.6","v0.1.0","v0.1.1","v0.1.10","v0.1.100","v0.1.101","v0.1.102","v0.1.103","v0.1.104","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.3","v0.1.30","v0.1.31","v0.1.32","v0.1.33","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.1.92","v0.1.93","v0.1.94","v0.1.95","v0.1.96","v0.1.97","v0.1.98","v0.1.99","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.5.0","v0.5.1","v0.5.10","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.5-rc1","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.7.0","v0.7.2","v0.7.3","v1.0.1","v1.0.1-release","v1.0.2","v1.0.2-release","v1.0.3","v1.0.4","v1.1.0","v1.2.0","v1.3.0","v1.4.1","v1.4.2","v1.4.3","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.7.0","v1.7.1","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.4.0","v2.5.0","v3.0.0","v6.0.0","v6.1.0","v6.2.0","v6.2.1","v6.2.2","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.6.0","v6.7.0","v6.8.0","v6.8.1","v8.0.0","v9.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5172.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"53.0.2785.101"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}