- CVEs with nessus.description==Node.js reports : Denial of Service Vulnerability in HTTP/2 (CVE-2018-7161) All versions of 8.x and later are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. Thanks to Jordan Zebor at F5 Networks for reporting this issue. Denial of Service, nghttp2 dependency (CVE-2018-1000168) All versions of 9.x and later are vulnerable and the severity is HIGH. Under certain conditions, a malicious client can trigger an uninitialized read (and a subsequent segfault) by sending a malformed ALTSVC frame. This has been addressed through an by updating nghttp2. Denial of Service Vulnerability in TLS (CVE-2018-7162) All versions of 9.x and later are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. Thanks to Jordan Zebor at F5 Networks all of his help investigating this issue with the Node.js team. Memory exhaustion DoS on v9.x (CVE-2018-7164) Versions 9.7.0 and later are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour. Calls to Buffer.fill() and/or Buffer.alloc() may hang (CVE-2018-7167) Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |