NVD

Id
32985  
Name
CVE-2014-5256  
Description
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2014-09-05  
Modified Date
2015-05-11  
Seq
2014-5256  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
173136 32985 CVE-2014-5256 http://advisories.mageia.org/MGASA-2014-0516.html  View
173137 32985 CVE-2014-5256 http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/  View
173138 32985 CVE-2014-5256 http://www-01.ibm.com/support/docview.wss?uid=swg21684769  View
173139 32985 CVE-2014-5256 MDVSA-2015:142  View
173140 32985 CVE-2014-5256 https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
15193 JVNDB-2014-004068 Node.js におけるサービス運用妨害 (DoS) の脆弱性 Node.js は、V8 割り込みに関連した V8 ガベージコレクションを誘発する再帰的プロセスの可能性を考慮しないため、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態にされる脆弱性が存在します。 CVE-2014-5256 72545 CVE-2014-5256 32985 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004068.html 2014-07-31 2015-06-26 View