CVE-2015-5380

2015-07-0910:59:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.008

Percentile

81.1%

JSON

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.

OSVersionArchitecturePackageVersionFilename
Debian12allnodejs< 18.19.0+dfsg-6~deb12u2nodejs_18.19.0+dfsg-6~deb12u2_all.deb
Debian11allnodejs< 12.22.12~dfsg-1~deb11u4nodejs_12.22.12~dfsg-1~deb11u4_all.deb
Debian999allnodejs< 20.17.0+dfsg-2nodejs_20.17.0+dfsg-2_all.deb
Debian13allnodejs< 20.17.0+dfsg-2nodejs_20.17.0+dfsg-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	nodejs	< 18.19.0+dfsg-6~deb12u2	nodejs_18.19.0+dfsg-6~deb12u2_all.deb
Debian	11	all	nodejs	< 12.22.12~dfsg-1~deb11u4	nodejs_12.22.12~dfsg-1~deb11u4_all.deb
Debian	999	all	nodejs	< 20.17.0+dfsg-2	nodejs_20.17.0+dfsg-2_all.deb
Debian	13	all	nodejs	< 20.17.0+dfsg-2	nodejs_20.17.0+dfsg-2_all.deb