CVE-2015-5380
CVE-2015-5380 is a vulnerability of currently unknown severity. The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. EPSS estimates a 3.00% chance of exploitation in the next 30 days.
Description
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| V8 | All versions | |
| Iojs | io.js | <= 1.8.2 |
| Iojs | io.js | 2.0.0 |
| Iojs | io.js | 2.0.1 |
| Iojs | io.js | 2.0.2 |
| Iojs | io.js | 2.1.0 |
| Iojs | io.js | 2.2.0 |
| Iojs | io.js | 2.2.1 |
| Iojs | io.js | 2.3.0 |
| Iojs | io.js | 2.3.1 |
| Iojs | io.js | 2.3.2 |
| Nodejs | Node.js | <= 0.12.5 |
Source: NVD / NIST
