CVE-2014-5256: Buffer Overflow
First published: Fri Sep 05 2014(Updated: )
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nodejs Nodejs | =0.8.0 | |
| Nodejs Nodejs | =0.8.1 | |
| Nodejs Nodejs | =0.8.2 | |
| Nodejs Nodejs | =0.8.3 | |
| Nodejs Nodejs | =0.8.4 | |
| Nodejs Nodejs | =0.8.5 | |
| Nodejs Nodejs | =0.8.6 | |
| Nodejs Nodejs | =0.8.7 | |
| Nodejs Nodejs | =0.8.8 | |
| Nodejs Nodejs | =0.8.9 | |
| Nodejs Nodejs | =0.8.10 | |
| Nodejs Nodejs | =0.8.11 | |
| Nodejs Nodejs | =0.8.12 | |
| Nodejs Nodejs | =0.8.13 | |
| Nodejs Nodejs | =0.8.14 | |
| Nodejs Nodejs | =0.8.15 | |
| Nodejs Nodejs | =0.8.16 | |
| Nodejs Nodejs | =0.8.17 | |
| Nodejs Nodejs | =0.8.18 | |
| Nodejs Nodejs | =0.8.19 | |
| Nodejs Nodejs | =0.8.20 | |
| Nodejs Nodejs | =0.8.21 | |
| Nodejs Nodejs | =0.8.22 | |
| Nodejs Nodejs | =0.8.23 | |
| Nodejs Nodejs | =0.8.24 | |
| Nodejs Nodejs | =0.8.25 | |
| Nodejs Nodejs | =0.8.26 | |
| Nodejs Nodejs | =0.8.27 | |
| Nodejs Nodejs | =0.10.0 | |
| Nodejs Nodejs | =0.10.1 | |
| Nodejs Nodejs | =0.10.2 | |
| Nodejs Nodejs | =0.10.3 | |
| Nodejs Nodejs | =0.10.4 | |
| Nodejs Nodejs | =0.10.5 | |
| Nodejs Nodejs | =0.10.6 | |
| Nodejs Nodejs | =0.10.7 | |
| Nodejs Nodejs | =0.10.8 | |
| Nodejs Nodejs | =0.10.9 | |
| Nodejs Nodejs | =0.10.10 | |
| Nodejs Nodejs | =0.10.11 | |
| Nodejs Nodejs | =0.10.12 | |
| Nodejs Nodejs | =0.10.13 | |
| Nodejs Nodejs | =0.10.14 | |
| Nodejs Nodejs | =0.10.15 | |
| Nodejs Nodejs | =0.10.16 | |
| Nodejs Nodejs | =0.10.17 | |
| Nodejs Nodejs | =0.10.18 | |
| Nodejs Nodejs | =0.10.19 | |
| Nodejs Nodejs | =0.10.20 | |
| Nodejs Nodejs | =0.10.21 | |
| Nodejs Nodejs | =0.10.22 | |
| Nodejs Nodejs | =0.10.23 | |
| Nodejs Nodejs | =0.10.24 | |
| Nodejs Nodejs | =0.10.25 | |
| Nodejs Nodejs | =0.10.26 | |
| Nodejs Nodejs | =0.10.27 | |
| Nodejs Nodejs | =0.10.28 | |
| Nodejs Nodejs | =0.10.29 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0516.html
- http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/
- http://secunia.com/advisories/61260
- http://www-01.ibm.com/support/docview.wss?uid=swg21684769
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:142
- https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/nodejs
- canonical/nodejs nodejs
- version/nodejs nodejs/0.8.0
- version/nodejs nodejs/0.8.1
- version/nodejs nodejs/0.8.2
- version/nodejs nodejs/0.8.3
- version/nodejs nodejs/0.8.4
- version/nodejs nodejs/0.8.5
- version/nodejs nodejs/0.8.6
- version/nodejs nodejs/0.8.7
- version/nodejs nodejs/0.8.8
- version/nodejs nodejs/0.8.9
- version/nodejs nodejs/0.8.10
- version/nodejs nodejs/0.8.11
- version/nodejs nodejs/0.8.12
- version/nodejs nodejs/0.8.13
- version/nodejs nodejs/0.8.14
- version/nodejs nodejs/0.8.15
- version/nodejs nodejs/0.8.16
- version/nodejs nodejs/0.8.17
- version/nodejs nodejs/0.8.18
- version/nodejs nodejs/0.8.19
- version/nodejs nodejs/0.8.20
- version/nodejs nodejs/0.8.21
- version/nodejs nodejs/0.8.22
- version/nodejs nodejs/0.8.23
- version/nodejs nodejs/0.8.24
- version/nodejs nodejs/0.8.25
- version/nodejs nodejs/0.8.26
- version/nodejs nodejs/0.8.27
- version/nodejs nodejs/0.10.0
- version/nodejs nodejs/0.10.1
- version/nodejs nodejs/0.10.2
- version/nodejs nodejs/0.10.3
- version/nodejs nodejs/0.10.4
- version/nodejs nodejs/0.10.5
- version/nodejs nodejs/0.10.6
- version/nodejs nodejs/0.10.7
- version/nodejs nodejs/0.10.8
- version/nodejs nodejs/0.10.9
- version/nodejs nodejs/0.10.10
- version/nodejs nodejs/0.10.11
- version/nodejs nodejs/0.10.12
- version/nodejs nodejs/0.10.13
- version/nodejs nodejs/0.10.14
- version/nodejs nodejs/0.10.15
- version/nodejs nodejs/0.10.16
- version/nodejs nodejs/0.10.17
- version/nodejs nodejs/0.10.18
- version/nodejs nodejs/0.10.19
- version/nodejs nodejs/0.10.20
- version/nodejs nodejs/0.10.21
- version/nodejs nodejs/0.10.22
- version/nodejs nodejs/0.10.23
- version/nodejs nodejs/0.10.24
- version/nodejs nodejs/0.10.25
- version/nodejs nodejs/0.10.26
- version/nodejs nodejs/0.10.27
- version/nodejs nodejs/0.10.28
- version/nodejs nodejs/0.10.29