CVE-2015-5380

Опубликовано: 03 июл. 2015

Источник: redhat

CVSS2: 4.3

Описание

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.

Отчет

This issue affects the versions of nodejs as shipped with various Red Hat Enterprise products. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Satellite 6.5 ship v8 however has been rated as a security impact of Moderate, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	v8	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	v8	Not affected
Red Hat OpenShift Enterprise 2	v8	Will not fix
Red Hat Satellite 6	v8	Will not fix
Red Hat Software Collections	nodejs010-nodejs	Not affected
Red Hat Software Collections	v8314-v8	Will not fix
Red Hat Subscription Asset Manager	v8	Will not fix