CVE-2013-2838 v8: Denial of service (out-of-bounds read) via unspecified vector

[tchollingsworth]

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2838 to the following vulnerability:

Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

References:
[1] http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
[2] https://code.google.com/p/chromium/issues/detail?id=235311

Upstream patch (covering multiple issues besides #235311):
[3] http://code.google.com/p/v8/source/detail?r=14498

Fedora tracking bug:
[4] https://bugzilla.redhat.com/show_bug.cgi?id=966121

There's no indication whether this affects the V8 3.14 (Node 0.10) branch and that patch contains a bunch of unrelated stuff that certainly isn't backportable so I'm punting this one to you guys to see if any action needs to be taken for node. Thanks!

[bnoordhuis]

That's "Fixed beyond-heap load on x64 Crankshafted StringCharFromCode", right? v0.8 and v0.10 aren't affected and the bug in master was fixed a while ago (the relevant V8 commit is v8/v8@a295634, by the way.)

Thanks for bringing it to our attention though!