5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
V8 JavaScript engine denial of service vulnerability
CVE-ID:CVE-2014-5256
**DESCRIPTION:**V8 shipped with Node.js is vulnerable to a denial of service, caused by a memory corruption error. By sending an overly long JSON string, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95057 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM SDK for Node.js v1.1.0.5 and earlier
IBM SDK for Node.js v1.1.0.6 and later
IBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from here.
IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.
CPE | Name | Operator | Version |
---|---|---|---|
ibm sdk for node.js | eq | 1.1 |