Published: 05/09/2014 Updated: 12/05/2015

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Node.js 0.8 prior to 0.8.28 and 0.10 prior to 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote malicious users to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs nodejs 0.8.6
nodejs nodejs 0.8.2
nodejs nodejs 0.8.3
nodejs nodejs 0.8.11
nodejs nodejs 0.8.12
nodejs nodejs 0.8.19
nodejs nodejs 0.8.20
nodejs nodejs 0.8.27
nodejs nodejs 0.10.0
nodejs nodejs 0.10.8
nodejs nodejs 0.10.9
nodejs nodejs 0.10.16
nodejs nodejs 0.10.17
nodejs nodejs 0.10.24
nodejs nodejs 0.10.25
nodejs nodejs 0.8.7
nodejs nodejs 0.8.8
nodejs nodejs 0.8.15
nodejs nodejs 0.8.16
nodejs nodejs 0.8.23
nodejs nodejs 0.8.24
nodejs nodejs 0.10.3
nodejs nodejs 0.10.4
nodejs nodejs 0.10.5
nodejs nodejs 0.10.12
nodejs nodejs 0.10.13
nodejs nodejs 0.10.20
nodejs nodejs 0.10.21
nodejs nodejs 0.10.29
nodejs nodejs 0.8.4
nodejs nodejs 0.8.5
nodejs nodejs 0.8.13
nodejs nodejs 0.8.14
nodejs nodejs 0.8.21
nodejs nodejs 0.8.22
nodejs nodejs 0.10.1
nodejs nodejs 0.10.2
nodejs nodejs 0.10.10
nodejs nodejs 0.10.11
nodejs nodejs 0.10.18
nodejs nodejs 0.10.19
nodejs nodejs 0.10.26
nodejs nodejs 0.10.27
nodejs nodejs 0.10.28
nodejs nodejs 0.8.0
nodejs nodejs 0.8.1
nodejs nodejs 0.8.9
nodejs nodejs 0.8.10
nodejs nodejs 0.8.17
nodejs nodejs 0.8.18
nodejs nodejs 0.8.25
nodejs nodejs 0.8.26
nodejs nodejs 0.10.6
nodejs nodejs 0.10.7
nodejs nodejs 0.10.14
nodejs nodejs 0.10.15
nodejs nodejs 0.10.22
nodejs nodejs 0.10.23

Debian Bug report logs - #760385 nodejs: CVE-2014-5256 Package: libv8-314; Maintainer for libv8-314 is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: henri@nervfi Date: Wed, 3 Sep 2014 14:24:02 UTC Severity: serious Tags: fixed-upstream, jessie-ignore, security, stretch-ignor ...

Node.js middleware for creating applications that find VIVO profiles relevant to content in the user's browser.

searchlight Nodejs middleware for creating applications that find VIVO profiles relevant to content in the user's browser ##About To learn more about searchlight and how it's been used - check out our about page ##Documentation ###Installation Install nodejs version 0126 $ git clone gitgithubcom/ragle/searchlight $ cd searchlight $ npm install ###Quic

CWE-119 http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 http://www-01.ibm.com/support/docview.wss?uid=swg21684769 http://secunia.com/advisories/61260 http://www.mandriva.com/security/advisories?name=MDVSA-2015:142 http://advisories.mageia.org/MGASA-2014-0516.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760385 https://nvd.nist.gov https://github.com/ragle/searchlight

CVE-2014-5256

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect