Vigil@nce - V8: unreachable memory reading
January 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can force a read at an invalid address of V8, in order
to trigger a denial of service.
Impacted products: openSUSE, openSUSE Leap.
Severity: 2/4.
Creation date: 26/11/2015.
DESCRIPTION OF THE VULNERABILITY
The V8 product interprets JavaScript code. It is used by Node.js
and Chrome.
However, when malicious code is analyzed, the JSON.stringify()
function tries to read an unreachable memory area, which triggers
a fatal error.
An attacker can therefore force a read at an invalid address of
V8, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/V8-unreachable-memory-reading-18383