Buffer overflow in Google V8

CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 sur…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (70.5th percentile) — read the EPSS interpretation.

Affected products

Google V8
Iojs Io.js — versions 2.0.0, 2.0.1, 2.0.2
Nodejs Node.js
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Patch)
75556 (vdb-entry, x_refsource_BID)