Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-09-05T17:00:00
Updated: 2015-05-08T11:57:00
Reserved: 2014-08-15T00:00:00
Link: CVE-2014-5256
JSON object: View
NVD Information
Status : Modified
Published: 2014-09-05T17:55:07.283
Modified: 2015-05-12T02:01:35.050
Link: CVE-2014-5256
JSON object: View
Redhat Information
No data.
CWE