Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAEB1386E755FAE1F00B613A75BBA10A71B37333F7D2A791030C4B983DB2FAAA1
HistoryAug 09, 2018 - 4:20 a.m.

Security Bulletin: Current Release of IBM® SDK for Node.js™ is affected by CVE-2014-5256

2018-08-0904:20:36
www.ibm.com
7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

V8 JavaScript engine denial of service vulnerability

Vulnerability Details

CVE-ID:CVE-2014-5256

**DESCRIPTION:**V8 shipped with Node.js is vulnerable to a denial of service, caused by a memory corruption error. By sending an overly long JSON string, a remote attacker could exploit this vulnerability to cause a segmentation fault.

CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95057 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM SDK for Node.js v1.1.0.5 and earlier

Remediation/Fixes

IBM SDK for Node.js v1.1.0.6 and later

IBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from here.

IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.

CPENameOperatorVersion
ibm sdk for node.jseq1.1

Related

prion 1
ibm 2
debiancve 1
cvelist 1
cve 1
veracode 4
ubuntucve 1
openvas 1
nessus 1
mageia 1
redhat 1
prion
prion
Memory corruption
2014-09-05 17:55:00
ibm
ibm
Security Bulletin: A security vulnerability in Node.js affects the IBM Business Process Manager (BPM) configuration editor (CVE-2014-5256)
2018-06-15 07:01:40
Security Bulletin: Multiple vulnerabilities affecting the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere Software
2020-09-10 15:43:59
debiancve
debiancve
CVE-2014-5256
2014-09-05 17:55:00
cvelist
cvelist
CVE-2014-5256
2014-09-05 17:00:00
cve
cve
CVE-2014-5256
2014-09-05 17:55:00
veracode
veracode
Denial Of Service (DoS)
2014-09-23 13:51:27
Denial Of Service (DoS)
2019-05-02 05:04:13
Denial Of Service (DoS)
2019-05-02 05:04:12
ubuntucve
ubuntucve
CVE-2014-5256
2014-09-05 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0516)
2022-01-28 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : nodejs (MDVSA-2015:142)
2015-03-30 00:00:00
mageia
mageia
Updated nodejs package fixes security vulnerabilities
2014-12-09 23:12:41
redhat
redhat
(RHSA-2014:1744) Moderate: v8314-v8 security update
2014-10-30 12:43:02

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for AEB1386E755FAE1F00B613A75BBA10A71B37333F7D2A791030C4B983DB2FAAA1
prion1ibm2debiancve1cvelist1cve1veracode4ubuntucve1openvas1nessus1mageia1redhat1