{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-08T11:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769"}, {"name": "61260", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61260"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0516.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/"}, {"name": "MDVSA-2015:142", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5256", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769"}, {"name": "61260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61260"}, {"name": "http://advisories.mageia.org/MGASA-2014-0516.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0516.html"}, {"name": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356", "refsource": "CONFIRM", "url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356"}, {"name": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/", "refsource": "CONFIRM", "url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/"}, {"name": "MDVSA-2015:142", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:48.492Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769"}, {"name": "61260", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61260"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0516.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/"}, {"name": "MDVSA-2015:142", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5256", "datePublished": "2014-09-05T17:00:00", "dateReserved": "2014-08-15T00:00:00", "dateUpdated": "2024-08-06T11:41:48.492Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EECDEA8-1A65-46F0-881F-A6734B8060BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6322901D-BEB3-45CC-9124-6545A1C3FDDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C3E9C-BB4E-411A-BC35-69FE0B1B3E12", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "64A3AE78-4489-465D-8465-BD360FFF9F2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "435B32D5-A01D-43C1-B98C-600EF700A9DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "85EF8DD7-B541-4BF2-85B8-BD038683CBFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18A1A859-E039-45EF-B81B-534A6768A2BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "C9AACA20-5685-4EB0-9A04-5D15EA4DACB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "03C0E17E-FFB0-4AF7-A9D1-AC2BE8CAF5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B1F17F59-DB22-4D1A-87B9-F509941CD6A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "740E8AD1-2B7C-4CEA-89A7-B0462221269D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F0D89D0-CE19-4926-AFDA-6A7CD62D03C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "86362EBC-7F8B-493E-A183-7AA30550FA0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "316D80BF-7012-4ECD-8B71-1884D9256622", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "54A4C4A3-5377-46C5-89C3-2FC29DC32C04", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "8D5DF033-8B3E-4D34-9978-0F6910B5221B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "F267FDCD-29FF-49DE-9D45-B58122E3B8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.17:*:*:*:*:*:*:*", "matchCriteriaId": "BBF79EE2-4986-4AC2-AB86-F63C4A4BE353", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.18:*:*:*:*:*:*:*", "matchCriteriaId": "E619266F-6B24-4BF5-A9D3-3CCAC30D6E07", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.19:*:*:*:*:*:*:*", "matchCriteriaId": "46B3336B-77EF-4E8F-BA27-52B4B7976C93", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.20:*:*:*:*:*:*:*", "matchCriteriaId": "D807A3CA-F014-4A36-817C-0A7253C20F75", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.21:*:*:*:*:*:*:*", "matchCriteriaId": "6054BBE7-7038-4733-932C-35D294F06178", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.22:*:*:*:*:*:*:*", "matchCriteriaId": "02390414-DC61-4A0A-8D4F-D2F7F3297F1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.23:*:*:*:*:*:*:*", "matchCriteriaId": "8CB51204-DD98-4DD7-AD3C-C35AF8A64E3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.24:*:*:*:*:*:*:*", "matchCriteriaId": "84F02C35-1C79-472A-AE11-F73A765B0569", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.25:*:*:*:*:*:*:*", "matchCriteriaId": "758B81EE-011D-4D07-BB91-170C123DD54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.26:*:*:*:*:*:*:*", "matchCriteriaId": "C400D45E-9EBA-4854-8F43-FB8AAF760268", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.8.27:*:*:*:*:*:*:*", "matchCriteriaId": "2B9491E5-A731-4A43-AE5A-77673BF34674", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "95ED6BFC-2C60-47BC-9D81-B12FA6299ECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDA17A18-1A15-48C5-8C27-0882DD36A837", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "29CBE6D1-B8F8-4105-AC27-FCDA2F0DD67F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "33EB0532-FE3F-4DD5-9202-B6F7497F3EB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "3843D5FA-123C-483D-BCDC-4CA60B5421EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "E17495BA-D1FC-4E9F-9D81-0DEE4E8DAA7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A66D198-1D74-4FA8-9BB6-738527EDCF42", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE008466-76F6-4283-90D7-FE2931386427", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "87909A60-74DA-4657-8114-266F3F55C832", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.9:*:*:*:*:*:*:*", "matchCriteriaId": "2137C8F6-81C3-4A02-BCF0-1B88DB1C09BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.10:*:*:*:*:*:*:*", "matchCriteriaId": "E7F785D4-63B9-480F-BA0B-0FD4D76A923D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.11:*:*:*:*:*:*:*", "matchCriteriaId": "36276DD4-F0DD-46A7-8003-1E83B0F6DF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.12:*:*:*:*:*:*:*", "matchCriteriaId": "0D634EBF-6DFA-4064-8872-F6E995463F02", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.13:*:*:*:*:*:*:*", "matchCriteriaId": "127C3FE5-73FB-4ECB-A4F0-FCF6D1901786", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.14:*:*:*:*:*:*:*", "matchCriteriaId": "1F7AA5C1-6736-487E-A151-03E707A4ED89", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.15:*:*:*:*:*:*:*", "matchCriteriaId": "E02A2198-5F1E-4547-910F-574F38BC9A1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.16:*:*:*:*:*:*:*", "matchCriteriaId": "9DA3DF48-E2DA-4AE8-9A69-F6C6F1AFE211", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.17:*:*:*:*:*:*:*", "matchCriteriaId": "E43E6A7B-15CF-40D9-B24E-27117CBB0A42", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.18:*:*:*:*:*:*:*", "matchCriteriaId": "78F0957C-388E-4593-A966-9EA671998B47", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.19:*:*:*:*:*:*:*", "matchCriteriaId": "71CDC159-69E8-43E7-BBED-02626AAEB544", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.20:*:*:*:*:*:*:*", "matchCriteriaId": "9D60C508-DF91-4F56-B554-D2C04EEE1616", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.21:*:*:*:*:*:*:*", "matchCriteriaId": "DA875C37-EB00-41D1-A3B2-1396F6FF4FE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.22:*:*:*:*:*:*:*", "matchCriteriaId": "CFC19611-3042-451D-BD4E-AF503CCCAA8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.23:*:*:*:*:*:*:*", "matchCriteriaId": "63060D4B-0F07-46CD-AE22-313CFF6E4B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.24:*:*:*:*:*:*:*", "matchCriteriaId": "4590DAB4-499F-4278-827B-1F02206717D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.25:*:*:*:*:*:*:*", "matchCriteriaId": "5EF989BA-5AF4-4F6B-A3C1-6232EFE69038", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.26:*:*:*:*:*:*:*", "matchCriteriaId": "0A89BDC0-5C41-4138-A101-3E36E0FAA572", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.27:*:*:*:*:*:*:*", "matchCriteriaId": "B24B9AFB-0A5D-43D8-B393-9C3CDB36FEE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.28:*:*:*:*:*:*:*", "matchCriteriaId": "CE125030-3BB3-4791-907F-D8B1E4808360", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:nodejs:0.10.29:*:*:*:*:*:*:*", "matchCriteriaId": "C1C3D3CE-5921-43EB-8333-55ADD97584FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack."}, {"lang": "es", "value": "Node.js 0.8 anterior a 0.8.28 y 0.10 anterior a 0.10.30 no considera la posibilidad del procesamiento recursivo que provoca la recolecci\u00f3n de basura V8 en conjunto con una interrupci\u00f3n V8, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de objetos JSON profundos cuyo an\u00e1lisis sint\u00e1ctico deje que esta interrupci\u00f3n enmascare un desbordamiento de la pila del programa."}], "id": "CVE-2014-5256", "lastModified": "2024-11-21T02:11:42.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-05T17:55:07.283", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0516.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/61260"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0516.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1744", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "v8314-v8-1:3.14.5.10-6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1744", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "v8314-v8-1:3.14.5.10-6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1744", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "v8314-v8-1:3.14.5.10-6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1744", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "v8314-v8-1:3.14.5.10-6.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2014-10-30T00:00:00Z"}], "bugzilla": {"description": "V8: Memory Corruption and Stack Overflow", "id": "1125464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125464"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-121", "details": ["Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.", "It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8."], "name": "CVE-2014-5256", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "ruby193-v8", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-v8", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "v8", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "v8", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "ruby193-v8", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "v8", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "v8", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-v8", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "v8", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2014-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-5256\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5256"], "statement": "Red Hat Product Security has rated this issue as having Low security impact in Red Hat Enterprise Linux OpenStack Platform. This issue is not currently planned to be addressed in a future security update.\nRed Hat Satellite 6.5 ship v8 however has been rated as a security impact of Moderate, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "threat_severity": "Moderate"}