Executive Summary

Informations
NameCVE-2015-5380First vendor Publication2015-07-09
VendorCveLast vendor Modification2016-11-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5380

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application10
Application247

Nessus® Vulnerability Scanner

DateDescription
2015-09-09Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL17238.nasl - Type : ACT_GATHER_INFO
2015-07-06Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_864e6f75237211e586ff14dae9d210b8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/75556
CONFIRM http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/
https://codereview.chromium.org/1226493003
https://github.com/joyent/node/issues/25583
https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8a...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
DateInformations
2018-08-09 12:03:52
  • Multiple Updates
2018-06-28 12:01:38
  • Multiple Updates
2017-11-16 12:06:13
  • Multiple Updates
2017-10-04 12:02:38
  • Multiple Updates
2017-01-25 12:05:27
  • Multiple Updates
2016-11-29 00:25:20
  • Multiple Updates
2016-10-13 12:00:48
  • Multiple Updates
2016-04-27 02:36:37
  • Multiple Updates
2015-09-10 13:26:37
  • Multiple Updates
2015-07-18 13:29:43
  • Multiple Updates
2015-07-16 09:31:01
  • Multiple Updates
2015-07-09 21:27:25
  • Multiple Updates
2015-07-09 17:26:44
  • First insertion