|Category:||F5 Local Security Checks|
|Title:||F5 BIG-IP - Node.js vulnerability CVE-2015-5380|
|Summary:||The remote host is missing a security patch.|
The remote host is missing a security patch.
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. (CVE-2015-5380)
For the f5-rest-node package on both the BIG-IP and BIG-IQ systems: A locally authenticated attacker with access to the command line may be able to cause a partial denial-of-service (DoS) to the system through exploitation of this issue.For the BIG-IQ UI node package: A remote attacker may be able to cause a denial of service (DoS) to the system through exploitation of this issue.
See the referenced vendor advisory for a solution.
Common Vulnerability Exposure (CVE) ID: CVE-2015-5380|
BugTraq ID: 75556
|Copyright||Copyright (C) 2015 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.