oss-sec mailing list archives
node.js out of band write
From: Mark Felder <feld () feld me>
Date: Sun, 05 Jul 2015 18:51:37 -0500
Node has resolved a security vulnerability in their most recent release but do not appear to have requested a CVE ID. http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/ Node v0.12.6 (Stable) Sat, 04 Jul 2015 02:34:23 UTC - release This release of Node.js fixes a bug that triggers an out-of-band write in V8's utf-8 decoder. This bug impacts all Buffer to String conversions. This is an important security update as this bug can be used to cause a denial of service attack.
Current thread:
- node.js out of band write Mark Felder (Jul 05)
- Re: node.js out of band write Florian Weimer (Jul 06)
- Re: node.js out of band write Mark Felder (Jul 06)
- Re: node.js out of band write Luca Bruno (Jul 07)
- Re: node.js out of band write cve-assign (Jul 09)
- Re: node.js out of band write Florian Weimer (Jul 06)