CVE-2014-5256
EPSS 1.3%Published: 9/5/2014Modified: 4/28/2026
Also known as:DEBIAN-CVE-2014-5256
Description
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
Affected packages (1)
- Debian/nodejsfrom 0, < 0.10.38~dfsg-1