Memory Corruption and Application Crash via Recursive Processing in Node.js

Memory Corruption and Application Crash via Recursive Processing in Node.js

CVE-2014-5256 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.

Learn more about our Web Application Penetration Testing UK.