Security Bulletin: IBM® SDK for Node.js™ may be affected by CVE-2016-1669

Summary

Buffer overflow in the Google V8 Javascript implementation used by IBM SDK for Node.js

Vulnerability Details

CVEID: CVE-2016-1669**
DESCRIPTION:** Google Chrome is vulnerable to a buffer overflow, caused by an error in V8. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113145&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

These vulnerabilities affect IBM SDK for Node.js v1.1.1.2 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v1.2.0.13 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v4.4.5.0 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v6.1.0.0 and previous releases.

Remediation/Fixes

The fixes for these vulnerabilities are included in IBM SDK for Node.js v1.1.1.3 and subsequent releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v1.2.0.14 and subsequent releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v4.4.6.0 and subsequent releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v6.2.0.0 and subsequent releases.

IBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from here.

IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.