Case Study of JavaScript Engine Vulnerabilities

V8

CVE-2013-6632: TypedArray, Integer Overflow, OOB, Pinkie Pie
CVE-2014-1705: TypedArray, Invalid Array Length, OOB, geohot
CVE-2014-3176: Array.concat, Side Effect, OOB, lokihardt
CVE-2014-7927: asm.js, Compiler, OOB, Christian Holler
CVE-2014-7928: Array, Optimization, Christian Holler
CVE-2015-1233: Array, Optimization, OOB
CVE-2015-1242: Type Confusion, [email protected]
CVE-2015-6764: JSON.stringify, Side Effect, OOB, Pwn2Own, Guang Gong, Qihoo 360
CVE-2015-6771: TypedArray.map, Prototype, OOB
CVE-2015-8584: JSON.stringify, Side Effect, OOB
CVE-2016-1646: Array.concat, Side Effect, OOB, Wen Xu, Tencent KeenLab
CVE-2016-1653: asm.js, TypedArray, Optimization, OOB, Choongwoo Han
CVE-2016-1665: asm.js, Compiler, HyungSeok Han
CVE-2016-1669: RegExp, Heap Overflow, Integer Overflow, Choongwoo Han
CVE-2016-1677: decodeURI, Side Effect, Information Leak, Guang Gong, Qihoo 360
CVE-2016-1688: RegExp, Max Korenko
CVE-2016-5129: Array, Side Effect, Jeonghoon Shin
CVE-2016-5172: Scope, Choongwoo Han
CVE-2016-5198: parseInt, Compiler, Optimization, OOB, Tencent Keen Security Lab
CVE-2016-5200: asm.js, TypedArray, Optimization, OOB, Choongwoo Han
CVE-2016-9651: Object.assign, Property, Guang Gong, Qihoo 360

CVE-2016-3386: Spread Operator, Array, Proxy, Stack Overflow, Richard Zhu
CVE-2016-7189: Array.join, Information Leak, Natalie Silvanovich, Google Project Zero
CVE-2016-7190: Array.map, Heap Overflow, Natalie Silvanovich, Google Project Zero
CVE-2016-7194: Function.apply, Information Leak, Natalie Silvanovich, Google Project Zero
CVE-2016-7200: Array.filter, Heap Corruption, Natalie Silvanovich, Google Project Zero
CVE-2016-7201: Array, Prototype, Type Confusion, Natalie Silvanovich, Google Project Zero
CVE-2016-7202: Array.reverse, Overflow, Natalie Silvanovich, Google Project Zero
CVE-2016-7203: Array.splice, Heap Overflow, Natalie Silvanovich, Google Project Zero
CVE-2016-7240: eval, Proxy, Type Confusion, Natalie Silvanovich, Google Project Zero
CVE-2016-7241: JSON.parse, Information Leak, Natalie Silvanovich, Google Project Zero
CVE-2016-7286: SIMD.toLocaleString, Uninitialized Memory, Natalie Silvanovich, Google Project Zero
CVE-2016-7287: Intl, Initialization, Type Confusion, Natalie Silvanovich, Google Project Zero
CVE-2016-7288: TypedArray.sort, Use After Free, Buffer Neutering, Side Effect, Natalie Silvanovich, Google Project Zero
CVE-2017-0071: Array, Optimization, Type Confusion, lokihardt, Google Project Zero

CVE-2016-1857: Array.join, Use After Free, Side Effect, KeenLab Tencent, (Liang Chen, Zhen Feng, wushi), Jeonghoon Shin
CVE-2016-4622: Array.slice, OOB, Side Effect, Samuel Groß
CVE-2016-4734: TypedArray.copyWithin, TypedArray.fill, Buffer Neutering, Side Effect, Natalie Silvanovich, Google Project Zero
CVE-2017-2446: Funciton.caller, Type Confusion, Natalie Silvanovich, Google Project Zero
CVE-2017-2447: Function.bind, OOB, Natalie Silvanovich, Google Project Zero

CVE-2014-1513: TypedArray.subarray, OOB, Buffer Neutering, Side Effect, Jüri Aedla

Name		Name	Last commit message	Last commit date
Latest commit History 36 Commits
chakra		chakra
jsc		jsc
spidermonkey		spidermonkey
v8		v8
README.md		README.md