Memory Corruption Vulnerability in Node.js and Google V8 Products
CVE-2015-5380

Currently unrated

Key Information:

Vendor

Google
Status
V8
Vendor
CVE Published:
9 July 2015

What is CVE-2015-5380?

The Utf8DecoderBase::WriteUtf16Slow function in the unicode-decoder.cc file of the Google V8 engine, utilized in Node.js and io.js, is vulnerable due to its failure to verify memory availability for UTF-16 surrogate pairs. This flaw could be exploited by remote attackers to induce a denial of service through crafted byte sequences, resulting in potential memory corruption and service disruption.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://codereview.chromium.org/1226493003
x_refsource_CONFIRM
https://medium.com/%40iojs/important-security-upgrades-fo...
x_refsource_CONFIRM
https://github.com/joyent/node/issues/25583
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.