This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
CVE-2013-2838 v8: Denial of service (out-of-bounds read) via unspecified vector #5535
Comments
|
That's "Fixed beyond-heap load on x64 Crankshafted StringCharFromCode", right? v0.8 and v0.10 aren't affected and the bug in master was fixed a while ago (the relevant V8 commit is v8/v8@a295634, by the way.) Thanks for bringing it to our attention though! |
gibfahn
pushed a commit
to ibmruntimes/node
that referenced
this issue
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[nodejs#4682](nodejs/node#4682)
* Previously deprecated Buffer APIs are removed
[nodejs#5048](nodejs/node#5048),
[nodejs#4594](nodejs/node#4594)
* Improved error handling [nodejs#4514](nodejs/node#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[nodejs#5361](nodejs/node#5361).
* Crypto
* Improved error handling [nodejs#3100](nodejs/node#3100),
[nodejs#5611](nodejs/node#5611)
* Simplified Certificate class bindings
[nodejs#5382](nodejs/node#5382)
* Improved control over FIPS mode
[nodejs#5181](nodejs/node#5181)
* pbkdf2 digest overloading is deprecated
[nodejs#4047](nodejs/node#4047)
* Dependencies
* Reintroduce shared c-ares build support
[nodejs#5775](nodejs/node#5775).
* V8 updated to 5.0.71.31 [nodejs#6111](nodejs/node#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[nodejs#4921](nodejs/node#4921).
* Domains
* Clear stack when no error handler
[nodejs#4659](nodejs/node#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[nodejs#3594](nodejs/node#3594)
* FS apis can now accept and return paths as Buffers
[nodejs#5616](nodejs/node#5616).
* Error handling and type checking improvements
[nodejs#5616](nodejs/node#5616),
[nodejs#5590](nodejs/node#5590),
[nodejs#4518](nodejs/node#4518),
[nodejs#3917](nodejs/node#3917).
* fs.read's string interface is deprecated
[nodejs#4525](nodejs/node#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [nodejs#4557](nodejs/node#4557).
* Modules
* Current directory is now prioritized for local lookups
[nodejs#5689](nodejs/node#5689)
* Symbolic links are preserved when requiring modules
[nodejs#5950](nodejs/node#5950)
* Net
* DNS hints no longer implicitly set
[nodejs#6021](nodejs/node#6021).
* Improved error handling and type checking
[nodejs#5981](nodejs/node#5981),
[nodejs#5733](nodejs/node#5733),
[nodejs#2904](nodejs/node#2904)
* Path
* Improved type checking [nodejs#5348](nodejs/node#5348).
* Process
* Introduce process warnings API
[nodejs#4782](nodejs/node#4782).
* Throw exception when non-function passed to nextTick
[nodejs#3860](nodejs/node#3860).
* Readline
* Emit key info unconditionally
[nodejs#6024](nodejs/node#6024)
* REPL
* Assignment to `_` will emit a warning.
[nodejs#5535](nodejs/node#5535)
* Timers
* Fail early when callback is not a function
[nodejs#4362](nodejs/node#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[nodejs#4557](nodejs/node#4557)
* SHA1 used for sessionIdContext
[nodejs#3866](nodejs/node#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[nodejs#2528](nodejs/node#2528).
* Util
* Changes to Error object formatting
[nodejs#4582](nodejs/node#4582).
* Windows
* Windows XP and Vista are no longer supported
[nodejs#5167](nodejs/node#5167),
[nodejs#5167](nodejs/node#5167).
gibfahn
pushed a commit
to ibmruntimes/node
that referenced
this issue
Apr 27, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[nodejs#4682](nodejs/node#4682)
* Previously deprecated Buffer APIs are removed
[nodejs#5048](nodejs/node#5048),
[nodejs#4594](nodejs/node#4594)
* Improved error handling [nodejs#4514](nodejs/node#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[nodejs#5361](nodejs/node#5361).
* Crypto
* Improved error handling [nodejs#3100](nodejs/node#3100),
[nodejs#5611](nodejs/node#5611)
* Simplified Certificate class bindings
[nodejs#5382](nodejs/node#5382)
* Improved control over FIPS mode
[nodejs#5181](nodejs/node#5181)
* pbkdf2 digest overloading is deprecated
[nodejs#4047](nodejs/node#4047)
* Dependencies
* Reintroduce shared c-ares build support
[nodejs#5775](nodejs/node#5775).
* V8 updated to 5.0.71.31 [nodejs#6111](nodejs/node#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[nodejs#4921](nodejs/node#4921).
* Domains
* Clear stack when no error handler
[nodejs#4659](nodejs/node#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[nodejs#3594](nodejs/node#3594)
* FS apis can now accept and return paths as Buffers
[nodejs#5616](nodejs/node#5616).
* Error handling and type checking improvements
[nodejs#5616](nodejs/node#5616),
[nodejs#5590](nodejs/node#5590),
[nodejs#4518](nodejs/node#4518),
[nodejs#3917](nodejs/node#3917).
* fs.read's string interface is deprecated
[nodejs#4525](nodejs/node#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [nodejs#4557](nodejs/node#4557).
* Modules
* Current directory is now prioritized for local lookups
[nodejs#5689](nodejs/node#5689)
* Symbolic links are preserved when requiring modules
[nodejs#5950](nodejs/node#5950)
* Net
* DNS hints no longer implicitly set
[nodejs#6021](nodejs/node#6021).
* Improved error handling and type checking
[nodejs#5981](nodejs/node#5981),
[nodejs#5733](nodejs/node#5733),
[nodejs#2904](nodejs/node#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[nodejs#6402](nodejs/node#6402).
* Path
* Improved type checking [nodejs#5348](nodejs/node#5348).
* Process
* Introduce process warnings API
[nodejs#4782](nodejs/node#4782).
* Throw exception when non-function passed to nextTick
[nodejs#3860](nodejs/node#3860).
* Readline
* Emit key info unconditionally
[nodejs#6024](nodejs/node#6024)
* REPL
* Assignment to `_` will emit a warning.
[nodejs#5535](nodejs/node#5535)
* Timers
* Fail early when callback is not a function
[nodejs#4362](nodejs/node#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[nodejs#4557](nodejs/node#4557)
* SHA1 used for sessionIdContext
[nodejs#3866](nodejs/node#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[nodejs#2528](nodejs/node#2528).
* Util
* Changes to Error object formatting
[nodejs#4582](nodejs/node#4582).
* Windows
* Windows XP and Vista are no longer supported
[nodejs#5167](nodejs/node#5167),
[nodejs#5167](nodejs/node#5167).
gibfahn
pushed a commit
to ibmruntimes/node
that referenced
this issue
May 6, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[nodejs#4682](nodejs/node#4682)
* Previously deprecated Buffer APIs are removed
[nodejs#5048](nodejs/node#5048),
[nodejs#4594](nodejs/node#4594)
* Improved error handling [nodejs#4514](nodejs/node#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[nodejs#5361](nodejs/node#5361).
* Crypto
* Improved error handling [nodejs#3100](nodejs/node#3100),
[nodejs#5611](nodejs/node#5611)
* Simplified Certificate class bindings
[nodejs#5382](nodejs/node#5382)
* Improved control over FIPS mode
[nodejs#5181](nodejs/node#5181)
* pbkdf2 digest overloading is deprecated
[nodejs#4047](nodejs/node#4047)
* Dependencies
* Reintroduce shared c-ares build support
[nodejs#5775](nodejs/node#5775).
* V8 updated to 5.0.71.31 [nodejs#6111](nodejs/node#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[nodejs#4921](nodejs/node#4921).
* Domains
* Clear stack when no error handler
[nodejs#4659](nodejs/node#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[nodejs#3594](nodejs/node#3594)
* FS apis can now accept and return paths as Buffers
[nodejs#5616](nodejs/node#5616).
* Error handling and type checking improvements
[nodejs#5616](nodejs/node#5616),
[nodejs#5590](nodejs/node#5590),
[nodejs#4518](nodejs/node#4518),
[nodejs#3917](nodejs/node#3917).
* fs.read's string interface is deprecated
[nodejs#4525](nodejs/node#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [nodejs#4557](nodejs/node#4557).
* Modules
* Current directory is now prioritized for local lookups
[nodejs#5689](nodejs/node#5689)
* Symbolic links are preserved when requiring modules
[nodejs#5950](nodejs/node#5950)
* Net
* DNS hints no longer implicitly set
[nodejs#6021](nodejs/node#6021).
* Improved error handling and type checking
[nodejs#5981](nodejs/node#5981),
[nodejs#5733](nodejs/node#5733),
[nodejs#2904](nodejs/node#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[nodejs#6402](nodejs/node#6402).
* Path
* Improved type checking [nodejs#5348](nodejs/node#5348).
* Process
* Introduce process warnings API
[nodejs#4782](nodejs/node#4782).
* Throw exception when non-function passed to nextTick
[nodejs#3860](nodejs/node#3860).
* Readline
* Emit key info unconditionally
[nodejs#6024](nodejs/node#6024)
* REPL
* Assignment to `_` will emit a warning.
[nodejs#5535](nodejs/node#5535)
* Timers
* Fail early when callback is not a function
[nodejs#4362](nodejs/node#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[nodejs#4557](nodejs/node#4557)
* SHA1 used for sessionIdContext
[nodejs#3866](nodejs/node#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[nodejs#2528](nodejs/node#2528).
* Util
* Changes to Error object formatting
[nodejs#4582](nodejs/node#4582).
* Windows
* Windows XP and Vista are no longer supported
[nodejs#5167](nodejs/node#5167),
[nodejs#5167](nodejs/node#5167).
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2838 to the following vulnerability:
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
References:
[1] http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
[2] https://code.google.com/p/chromium/issues/detail?id=235311
Upstream patch (covering multiple issues besides #235311):
[3] http://code.google.com/p/v8/source/detail?r=14498
Fedora tracking bug:
[4] https://bugzilla.redhat.com/show_bug.cgi?id=966121
There's no indication whether this affects the V8 3.14 (Node 0.10) branch and that patch contains a bunch of unrelated stuff that certainly isn't backportable so I'm punting this one to you guys to see if any action needs to be taken for node. Thanks!
The text was updated successfully, but these errors were encountered: