Denial-of-Service Memory Exhaustion

Module: qs

Published: August 6th, 2014

Reported by: Dustin Shiver

CVE-2014-7191

CWE-730

Vulnerable: <1.0.0
Patched: >= 1.x

Overview

Versions of qs prior to 1.0 are affected by a denial-of-service condition. It is triggered by parsing a crafted string that deserializes into very large sparse arrays, causing the process to run out of memory and eventually crash.

Remediation

Update to version 1.0.0 or later.
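
A check to go with the remediation above, as an added example that is not part of the original advisory: it scans a parsed package-lock.json for qs installs in the vulnerable range (<1.0.0), including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Vulnerable range from the advisory: qs < 1.0.0, i.e. any 0.x.y release.
// Assumption: pre-release tags of 1.0.0 (e.g. "1.0.0-rc.1") are not flagged.
function isVulnerableQs(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version || ''));
  return m !== null && Number(m[1]) < 1;
}

// Walk a parsed package-lock.json and return every vulnerable qs install.
// Handles lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 (nested "dependencies" objects).
function findVulnerableQs(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // The segment after the last "node_modules/" is the package name.
    const name = path.split('node_modules/').pop();
    if (name === 'qs' && isVulnerableQs(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === 'qs' && isVulnerableQs(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + '/');
    }
  };
  // v2 lockfiles carry both sections; use "dependencies" only for v1.
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    express: {
      version: '3.4.8',
      dependencies: { qs: { version: '0.6.6' } },
    },
    qs: { version: '6.11.0' },
  },
};
console.log(findVulnerableQs(sampleLock));
```

Any entry returned is a copy of qs that still needs the update, even when the top-level qs is already patched.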
