CVE-2015-5380

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 0.12.6 io.js versions prior to 1.8.3 and 2.x prior to 2.3.3 Google V8 (affected versions not specified)

Description The issue is related to the Utf8DecoderBase::WriteUtf16Slow function in Google V8, which does not verify that there is memory available for a UTF-16 surrogate pair. This allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.

Recommendations For Node.js versions prior to 0.12.6, update to version 0.12.6 or later. For io.js versions prior to 1.8.3, update to version 1.8.3 or later. For io.js 2.x versions prior to 2.3.3, update to version 2.3.3 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Google V8.