Date: Wed, 03 Sep 2014 10:40:00 -0600
From: "Vincent Danen" <>
To: "OSS Security List" <>
Subject: Re: CVE request for nodejs/v8

On 09/03/2014, at 10:32 AM, Vincent Danen wrote:

> I don't see a CVE mentioned for this issue anywhere.  Can one be assigned if it has not already been?
> Described on the nodejs blog as:
> A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process aborting while parsing.
> This issue was identified by Tom Steele of ^Lift Security and Fedor Indunty, Node.js Core Team member worked closely with the V8 team to find our resolution.

Sorry, just realized that Tomas asked the same question a few hours ago:

"CVE request: V8 Memory Corruption and Stack Overflow"

They're the same thing.

Vincent Danen / Red Hat Product Security
