CVE request for nodejs/v8

["Vincent Danen" <vdanen () redhat com>]

I don't see a CVE mentioned for this issue anywhere.  Can one be assigned if it has not already been?

Described on the nodejs blog as:

A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship 
with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and 
receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load 
involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process 
aborting while parsing.

This issue was identified by Tom Steele of ^Lift Security and Fedor Indunty, Node.js Core Team member worked closely 
with the V8 team to find our resolution.


https://codereview.chromium.org/339883002
http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/
https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356
https://bugzilla.redhat.com/show_bug.cgi?id=1125464


-- 
Vincent Danen / Red Hat Product Security

Attachment: signature.asc
Description: OpenPGP digital signature