CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:v8:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:iojs:io.js:*:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:iojs:io.js:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:32

Type Values Removed Values Added
References () http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/ - Patch () http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/ - Patch
References () http://www.securityfocus.com/bid/75556 - () http://www.securityfocus.com/bid/75556 -
References () https://codereview.chromium.org/1226493003 - () https://codereview.chromium.org/1226493003 -
References () https://github.com/joyent/node/issues/25583 - () https://github.com/joyent/node/issues/25583 -
References () https://medium.com/%40iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852 - () https://medium.com/%40iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852 -

07 Nov 2023, 02:26

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852', 'name': 'https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () https://medium.com/%40iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852 -

Information

Published : 2015-07-09 10:59

Updated : 2024-11-21 02:32


NVD link : CVE-2015-5380

Mitre link : CVE-2015-5380

CVE.ORG link : CVE-2015-5380


JSON object : View

Products Affected

google

  • v8

nodejs

  • node.js

iojs

  • io.js
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer