CVE-2014-5256
published 2014-09-05CVE-2014-5256: Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction…
medium5CVSS 3.1
AVNACLAuNCNINAP
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
Affected
63 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | < nodejs 0.10.38~dfsg-1 (bookworm) | nodejs 0.10.38~dfsg-1 (bookworm) |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM