Vulnerability Description
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nodejs | Nodejs | 0.8.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2014-0516.html
- http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/ (Patch, Vendor Advisory)
- http://secunia.com/advisories/61260
- http://www-01.ibm.com/support/docview.wss?uid=swg21684769
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:142
- https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 (Exploit)
FAQ
What is CVE-2014-5256?
CVE-2014-5256 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote ...
How severe is CVE-2014-5256?
CVE-2014-5256 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5256?
Check the references section above for vendor advisories and patch information. Affected products include: Nodejs Nodejs.