CVE-2015-8027
https://notcve.org/view.php?id=CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegación de servicio (uncaughtException e interrupción de servicio) a través de una petición HTTP con pipelining. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524 http://www-01.ibm.com/support/docview.wss?uid=swg21972419 http://www.securityfocus.com/bid/78207 https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764 https://nodejs.org/en/blog/vulnerability/december-2015-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-17: DEPRECATED: Code •
CVE-2015-6764 – v8: unspecified out-of-bounds access vulnerability
https://notcve.org/view.php?id=CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. La función BasicJsonStringifier::SerializeJSArray en json-stringifier.h en el stringifier JSON en Google V8, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, carga indebidamente elementos de un array, lo que permite a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78209 http://www.securitytracker.com/id/1034298 https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3193
https://notcve.org/view.php?id=CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. La implementación de exponenciación al cuadrado de Montgomery en crypto/bn/asm/x86_64-mont5.pl en OpenSSL 1.0.2 en versiones anteriores a 1.0.2e en la plataforma x86_64, como se utiliza por la función BN_mod_exp, no maneja correctamente la propagación de acarreo y produce una salida incorrecta, lo que hace más fácil para atacantes remotos obtener información sensible de las claves privadas a través de un ataque contra el uso de una suite de cifrado (1) Diffie-Hellman (DH) o (2) Diffie-Hellman Ephemeral (DHE). • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://openssl.org/news/secadv/20151203.txt http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl http://www.fortiguard.com/advisory/openssl-advisory-december-2015 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RSA PSS ASN.1 que carece de un parámetro de función de generación de máscara. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensus • CWE-476: NULL Pointer Dereference •
CVE-2015-5380
https://notcve.org/view.php?id=CVE-2015-5380
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. La función de Utf8DecoderBase::WriteUtf16Slow en unicode.decoder.cc en Google V8, al igual que como se usa en Node.js anterior a 0.12.6, io.js anterior a 1.8.3 y 2.x antes de 2.3.3 y otros productos, no verifica que haya memoria disponible para un par surrogado UTF-16, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o la posibilidad de causar otro impacto a través de una secuencia de bytes manipulada. • http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable http://www.securityfocus.com/bid/75556 https://codereview.chromium.org/1226493003 https://github.com/joyent/node/issues/25583 https://medium.com/%40iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •