Lucene search
F5F5:K17238HistorySep 08, 2015 - 12:00 a.m.
K17238 : Node.js vulnerability CVE-2015-5380
2015-09-0800:00:00
my.f5.com
22
Security Advisory Description
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. (CVE-2015-5380)
Impact
- For the f5-rest-node package on both the BIG-IP and BIG-IQ systems: A locally authenticated attacker with access to the command line may be able to cause a partial denial-of-service (DoS) to the system through exploitation of this issue.
- For the BIG-IQ UI node package: A remote attacker may be able to cause a denial of service (DoS) to the system through exploitation of this issue.
Related
freebsd
freebsd
node, iojs, and v8 -- denial of service
2015-07-03 00:00:00
openvas
openvas
F5 BIG-IP - Node.js vulnerability CVE-2015-5380
2015-09-18 00:00:00
io.js 'V8 utf-8 decoder' Denial Of Service Vulnerability - Windows
2015-08-04 00:00:00
Node.js 'V8 utf-8 decoder' Denial Of Service Vulnerability - Windows
2015-08-04 00:00:00
nessus
nessus
F5 Networks BIG-IP : Node.js vulnerability (SOL17238)
2015-09-09 00:00:00
ibm
ibm
nvd
nvd
CVE-2015-5380
2015-07-09 10:59:00
prion
prion
Memory corruption
2015-07-09 10:59:00
cvelist
cvelist
CVE-2015-5380
2015-07-09 10:00:00
debiancve
debiancve
CVE-2015-5380
2015-07-09 10:59:00
ubuntucve
ubuntucve
CVE-2015-5380
2015-07-09 00:00:00
f5
f5
SOL17238 - Node.js vulnerability CVE-2015-5380
2015-09-08 00:00:00
cve
cve
CVE-2015-5380
2015-07-09 10:59:00