oss-sec mailing list archives

Re: node.js out of band write


From: Luca Bruno <lucab () debian org>
Date: Tue, 07 Jul 2015 10:11:02 +0200

On Monday 06 July 2015 09:34:24 Florian Weimer wrote:

This release of Node.js fixes a bug that triggers an out-of-band write
in V8's utf-8 decoder. This bug impacts all Buffer to String
conversions. This is an important security update as this bug can be
used to cause a denial of service attack.

I have trouble reconciling this description with the fix in this commit:

<https://github.com/joyent/node/commit/78b0e30954111cfaba0edbeee85450d8cbc6fdf6>

Upstream v8 lacks this change.  Is it required in Node.js because
Node.js pokes at v8 internals in unsupported ways?

This should be the corresponding fix (plus testcases) on upstream v8:
https://chromium.googlesource.com/v8/v8.git/+/b199bcdd47ae97ec116b430e34ab42001c8f04c0%5E!/#F2

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`                          | GPG Key ID: 0xBB1A3A854F3BBEBF
  `-     http://www.debian.org  | Debian GNU/Linux Developer
