Veracode Vulnerability DatabaseVERACODE:1288

HistorySep 23, 2014 - 1:51 p.m.

Denial Of Service (DoS)

2014-09-2313:51:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

node is vulnerable to denial of service. Improper processing of a V8 garbage collection from a V8 interrupt allows remote attackers to cause high memory consumption leading to a denial of service condition via deep JSON objects which allows the interrupt to mask an overflow of the program stack.

CPENameOperatorVersion
nodele0.8.27
nodele0.10.29
v8314-v8eq3.14.5.10__3.6.el6

Name	Operator	Version
node	le	0.8.27
node	le	0.10.29
v8314-v8	eq	3.14.5.10__3.6.el6

References

advisories.mageia.org/MGASA-2014-0516.html

blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/

secunia.com/advisories/61260

www-01.ibm.com/support/docview.wss?uid=swg21684769

www.mandriva.com/security/advisories?name=MDVSA-2015:142

github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:1288