generatorada/js-vuln-db

Case Study of JavaScript Engine Vulnerabilities

V8

| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2013-6632 | TypedArray | Integer Overflow, OOB | Pinkie Pie |
| CVE-2014-1705 | TypedArray | Invalid Array Length, OOB | geohot |
| CVE-2014-3176 | Array.concat | Side Effect, OOB | lokihardt |
| CVE-2014-7927 | asm.js | Compiler, OOB | Christian Holler |
| CVE-2014-7928 | Array | Optimization | Christian Holler |
| CVE-2015-1233 | Array | Optimization, OOB | ? |
| CVE-2015-1242 | Array | Optimization, Type Confusion | [email protected] |
| CVE-2015-6764 | JSON.stringify | Side Effect, OOB | Guang Gong [1] |
| CVE-2015-6771 | TypedArray.map | Prototype, OOB | ? |
| CVE-2015-8584 | JSON.stringify | Side Effect, OOB | ? |
| CVE-2016-1646 | Array.concat | Side Effect, OOB | Wen Xu [2] |
| CVE-2016-1653 | asm.js | TypedArray, Optimization, OOB | Choongwoo Han |
| CVE-2016-1665 | asm.js | Compiler | HyungSeok Han |
| CVE-2016-1669 | RegExp | Heap Overflow, Integer Overflow | Choongwoo Han |
| CVE-2016-1677 | decodeURI | Side Effect, Information Leak | Guang Gong [1] |
| CVE-2016-1688 | RegExp | | Max Korenko |
| CVE-2016-5129 | Array | Side Effect | Jeonghoon Shin |
| CVE-2016-5172 | Scope | | Choongwoo Han |
| CVE-2016-5198 | Optimization | parseInt, Compiler, OOB | Tencent Keen Security Lab |
| CVE-2016-5200 | asm.js | TypedArray, Optimization, OOB | Choongwoo Han |
| CVE-2016-9651 | Object.assign | Logic, Property | Guang Gong [1] |
| CVE-2017-5030 | Array.concat | Side Effect, OOB | Brendon Tiszka |
| CVE-2017-5040 | Array.indexOf | TypedArray, Side Effect, Buffer Neutering | Choongwoo Han |
| CVE-2017-5053 | Array.indexOf | Side Effect | Team Sniper [2] |
| CVE-2017-5071 | Compiler | OOB | Choongwoo Han |

ChakraCore

| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2016-3386 | Spread Operator | Array, Proxy, Stack Overflow | Richard Zhu |
| CVE-2016-7189 | Array.join | Information Leak | Natalie Silvanovich [3] |
| CVE-2016-7190 | Array.map | Heap Overflow | Natalie Silvanovich [3] |
| CVE-2016-7194 | Function.apply | Information Leak | Natalie Silvanovich [3] |
| CVE-2016-7200 | Array.filter | Heap Corruption | Natalie Silvanovich [3] |
| CVE-2016-7201 | Array | Prototype, Type Confusion | Natalie Silvanovich [3] |
| CVE-2016-7202 | Array.reverse | Overflow | Natalie Silvanovich [3] |
| CVE-2016-7203 | Array.splice | Heap Overflow | Natalie Silvanovich [3] |
| CVE-2016-7240 | eval | Proxy, Type Confusion | Natalie Silvanovich [3] |
| CVE-2016-7241 | JSON.parse | Information Leak | Natalie Silvanovich [3] |
| CVE-2016-7286 | SIMD.toLocaleString | Uninitialized Memory | Natalie Silvanovich [3] |
| CVE-2016-7287 | Intl | Initialization, Type Confusion | Natalie Silvanovich [3] |
| CVE-2016-7288 | TypedArray.sort | Side Effect, Buffer Neutering | Natalie Silvanovich [3] |
| CVE-2017-0015 | Spread Operator | Side Effect, Uninitialized Memory | Qixun Zhao [4], lokihardt, Simon Zuckerbraun |
| CVE-2017-0071 | Array | Optimization, Type Confusion | lokihardt [3] |
| CVE-2017-0134 | Array.concat | Side Effect, Type Confusion | Jordan Rabet |
| CVE-2017-0141 | Array.reverse | Side Effect | Semmle Inc |

JavaScriptCore

| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2016-1857 | Array.join | Side Effect, Use After Free | Liang Chen, Zhen Feng, wushi [2], Jeonghoon Shin |
| CVE-2016-4622 | Array.slice | Side Effect, OOB | Samuel Groß |
| CVE-2016-4734 | TypedArray.copyWithin, TypedArray.fill | Side Effect, Buffer Neutering | Natalie Silvanovich [3] |
| CVE-2017-2446 | Function.caller | Type Confusion | Natalie Silvanovich [3] |
| CVE-2017-2447 | Function.bind | OOB | Natalie Silvanovich [3] |
| CVE-2017-2464 | Array.concat | Integer Overflow | Natalie Silvanovich [3] |
| CVE-2017-2491 | String.replace | RegExp, Use After Free | Samuel Groß and Niklas Baumstark |
| CVE-2017-2521 | Array.length | OOB | lokihardt [3] |
| CVE-2017-2531 | | OOB | lokihardt [3] |
| CVE-2017-2536 | Spread Operator | Array, Integer Overflow | Samuel Groß and Niklas Baumstark |
| CVE-2017-2547 | Optimization | parseInt, Compiler, OOB | lokihardt [3] |
| CVE-2017-6980 | Array.splice | Uninitialized Memory | lokihardt [3] |
| CVE-2017-6984 | Intl.getCanonicalLocales | Heap Overflow | lokihardt [3] |

SpiderMonkey

| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2014-1513 | TypedArray.subarray | OOB, Buffer Neutering, Side Effect | Jüri Aedla |

[1] Qihoo 360
[2] Tencent KeenLab
[3] Google Project Zero
[4] Qihoo 360 Skyeye Labs

About

A collection of JavaScript engine CVEs with PoCs