FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

node, iojs, and v8 -- denial of service

Affected packages
node < 0.12.6
node-devel < 0.12.6
iojs < 2.3.3
v8 <= 3.18.5
v8-devel <= 3.27.7_2

Details

VuXML ID 864e6f75-2372-11e5-86ff-14dae9d210b8
Discovery 2015-07-03
Entry 2015-07-06
Modified 2015-07-10

node reports:

This release of Node.js fixes a bug that triggers an out-of-band write in V8's utf-8 decoder. This bug impacts all Buffer to String conversions. This is an important security update as this bug can be used to cause a denial of service attack.

References

CVE Name CVE-2015-5380
URL http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/
URL https://codereview.chromium.org/1226493003
URL https://github.com/joyent/node/commit/78b0e30954111cfaba0edbeee85450d8cbc6fdf6
URL https://github.com/nodejs/io.js/commit/030f8045c706a8c3925ec7cb3184fdfae4ba8676