Security update released specifically to fix one bug

Jul 4, 2015 07:38 GMT

A new version of Node.js was released on Saturday that fixes a vulnerability which could be used to mount denial of service (DoS) attacks.

Node.js is used to create network applications based on an event-driven model. The platform is built on Chrome’s JavaScript runtime, the V8 engine, and its uses include building scalable server-side applications that handle data in real time.

The latest release is 0.12.6; it addresses a bug that affects all Buffer-to-String conversions and triggers an out-of-band write in V8’s UTF-8 decoder.

“This is an important security update as this bug can be used to cause a denial of service attack,” says the security advisory for the fresh version.

The fix is included in the source code release and is also shipped in the compiled binaries for the supported platforms.

Recently, Node.js was also updated to include the latest version of the OpenSSL cryptographic library, which addresses multiple security vulnerabilities, including Logjam (CVE-2015-4000).

Exploiting Logjam would allow an attacker to downgrade the Diffie-Hellman key exchange to a weak, export-grade variant using 512-bit parameters.

Since this change may cause some friction, developers are asked to report any problems on the project’s GitHub page.