DEBIAN-CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

Memory corruption

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

CVE-2014-5256 affects Node.js runtimes using V8 where a memory corruption in recursive parsing of deep JSON objects can be triggered by a V8 interrupt, potentially causing a denial of service via a stack overflow. Affected versions include Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30. Connec...

Fedora 19 : v8-3.14.5.10-11.fc19 (2014-9113)

TJ Fontaine of the Node.js project reports : A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an...

Fedora 20 : v8-3.14.5.10-11.fc20 (2014-9095)

TJ Fontaine of the Node.js project reports : A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an...

V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)

V8 Memory Corruption and Stack Overflow fixed in Node v0.8.28 and v0.10.30 A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may...

CVE-2014-3742

The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service file descriptor consumption and process crash via unspecified vectors...

CVE-2013-7379

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.accesskey...

Authentication flaw

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.accesskey...

Hardcoded credentials

The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service file descriptor consumption and process crash via unspecified vectors...

CVE-2014-3742

The CVE-2014-3742 entry applies to the hapi server framework for Node.js, affecting versions 2.0.x and 2.1.x prior to 2.2.0. The vulnerability is a denial-of-service caused by a file descriptor leak that can exhaust descriptors and crash the process. Connected advisories confirm this DoS vector a...

CVE-2014-3742

The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service file descriptor consumption and process crash via unspecified vectors...

CVE-2013-7379

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.accesskey...

CVE-2013-7379

CVE-2013-7379 describes an authentication bypass in the Node.js tomato module before 0.0.6. The admin API validates the access_key by checking if the server key contains the provided value (config.master.api.access_key.indexOf(access_key) !== -1), enabling an attacker to authenticate with a singl...

MGASA-2014-0007 Updated nodejs package fixes security vulnerabilities

A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...