CVE-2014-5256
V8: Memory Corruption and Stack Overflow
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
Node.js 0.8 anterior a 0.8.28 y 0.10 anterior a 0.10.30 no considera la posibilidad del procesamiento recursivo que provoca la recolección de basura V8 en conjunto con una interrupción V8, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de objetos JSON profundos cuyo análisis sintáctico deje que esta interrupción enmascare un desbordamiento de la pila del programa.
It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-08-15 CVE Reserved
- 2014-09-05 CVE Published
- 2024-04-17 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0516.html | X_refsource_confirm | |
| http://secunia.com/advisories/61260 | Third Party Advisory | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684769 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow | 2015-05-12 |
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:142 | 2015-05-12 | |
| https://access.redhat.com/security/cve/CVE-2014-5256 | 2014-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1125464 | 2014-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.0 Search vendor "Nodejs" for product "Nodejs" and version "0.8.0" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.1 Search vendor "Nodejs" for product "Nodejs" and version "0.8.1" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.2 Search vendor "Nodejs" for product "Nodejs" and version "0.8.2" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.3 Search vendor "Nodejs" for product "Nodejs" and version "0.8.3" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.4 Search vendor "Nodejs" for product "Nodejs" and version "0.8.4" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.5 Search vendor "Nodejs" for product "Nodejs" and version "0.8.5" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.6 Search vendor "Nodejs" for product "Nodejs" and version "0.8.6" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.7 Search vendor "Nodejs" for product "Nodejs" and version "0.8.7" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.8 Search vendor "Nodejs" for product "Nodejs" and version "0.8.8" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.9 Search vendor "Nodejs" for product "Nodejs" and version "0.8.9" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.10 Search vendor "Nodejs" for product "Nodejs" and version "0.8.10" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.11 Search vendor "Nodejs" for product "Nodejs" and version "0.8.11" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.12 Search vendor "Nodejs" for product "Nodejs" and version "0.8.12" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.13 Search vendor "Nodejs" for product "Nodejs" and version "0.8.13" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.14 Search vendor "Nodejs" for product "Nodejs" and version "0.8.14" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.15 Search vendor "Nodejs" for product "Nodejs" and version "0.8.15" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.16 Search vendor "Nodejs" for product "Nodejs" and version "0.8.16" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.17 Search vendor "Nodejs" for product "Nodejs" and version "0.8.17" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.18 Search vendor "Nodejs" for product "Nodejs" and version "0.8.18" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.19 Search vendor "Nodejs" for product "Nodejs" and version "0.8.19" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.20 Search vendor "Nodejs" for product "Nodejs" and version "0.8.20" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.21 Search vendor "Nodejs" for product "Nodejs" and version "0.8.21" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.22 Search vendor "Nodejs" for product "Nodejs" and version "0.8.22" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.23 Search vendor "Nodejs" for product "Nodejs" and version "0.8.23" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.24 Search vendor "Nodejs" for product "Nodejs" and version "0.8.24" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.25 Search vendor "Nodejs" for product "Nodejs" and version "0.8.25" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.26 Search vendor "Nodejs" for product "Nodejs" and version "0.8.26" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.8.27 Search vendor "Nodejs" for product "Nodejs" and version "0.8.27" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.0 Search vendor "Nodejs" for product "Nodejs" and version "0.10.0" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.1 Search vendor "Nodejs" for product "Nodejs" and version "0.10.1" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.2 Search vendor "Nodejs" for product "Nodejs" and version "0.10.2" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.3 Search vendor "Nodejs" for product "Nodejs" and version "0.10.3" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.4 Search vendor "Nodejs" for product "Nodejs" and version "0.10.4" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.5 Search vendor "Nodejs" for product "Nodejs" and version "0.10.5" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.6 Search vendor "Nodejs" for product "Nodejs" and version "0.10.6" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.7 Search vendor "Nodejs" for product "Nodejs" and version "0.10.7" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.8 Search vendor "Nodejs" for product "Nodejs" and version "0.10.8" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.9 Search vendor "Nodejs" for product "Nodejs" and version "0.10.9" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.10 Search vendor "Nodejs" for product "Nodejs" and version "0.10.10" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.11 Search vendor "Nodejs" for product "Nodejs" and version "0.10.11" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.12 Search vendor "Nodejs" for product "Nodejs" and version "0.10.12" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.13 Search vendor "Nodejs" for product "Nodejs" and version "0.10.13" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.14 Search vendor "Nodejs" for product "Nodejs" and version "0.10.14" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.15 Search vendor "Nodejs" for product "Nodejs" and version "0.10.15" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.16 Search vendor "Nodejs" for product "Nodejs" and version "0.10.16" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.17 Search vendor "Nodejs" for product "Nodejs" and version "0.10.17" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.18 Search vendor "Nodejs" for product "Nodejs" and version "0.10.18" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.19 Search vendor "Nodejs" for product "Nodejs" and version "0.10.19" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.20 Search vendor "Nodejs" for product "Nodejs" and version "0.10.20" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.21 Search vendor "Nodejs" for product "Nodejs" and version "0.10.21" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.22 Search vendor "Nodejs" for product "Nodejs" and version "0.10.22" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.23 Search vendor "Nodejs" for product "Nodejs" and version "0.10.23" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.24 Search vendor "Nodejs" for product "Nodejs" and version "0.10.24" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.25 Search vendor "Nodejs" for product "Nodejs" and version "0.10.25" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.26 Search vendor "Nodejs" for product "Nodejs" and version "0.10.26" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.27 Search vendor "Nodejs" for product "Nodejs" and version "0.10.27" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.28 Search vendor "Nodejs" for product "Nodejs" and version "0.10.28" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Nodejs Search vendor "Nodejs" for product "Nodejs" | 0.10.29 Search vendor "Nodejs" for product "Nodejs" and version "0.10.29" | - |
Affected
| ||||||