Vulnerabilites related to nodejs - node.js
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/97102 | ||
| cve@mitre.org | https://nodesecurity.io/advisories/43 | Exploit, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97102 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/43 | Exploit, Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EAEFE4-41B6-4AFD-A858-190BC7C522C9",
"versionEndIncluding": "1.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters."
},
{
"lang": "es",
"value": "El paquete validator en versiones anteriores a 2.0.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de caracteres hex codificados."
}
],
"id": "CVE-2014-9772",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97102"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/43"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-07 15:15
Modified
2024-11-21 04:29
Severity ?
Summary
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.4.0 | |
| oracle | graalvm | 19.3.1 | |
| oracle | graalvm | 20.0.0 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E92EC0A2-0C04-4226-8905-5F580DF41F82",
"versionEndExcluding": "10.19.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA72B481-FA0B-473E-8E23-F0FC3D4C57F0",
"versionEndExcluding": "12.15.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D5B70848-F6C3-4131-8A91-6BA3379ED646",
"versionEndExcluding": "13.8.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E47FBC8E-1C21-4448-8C59-4D48F08B151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "52D0A602-6044-4D93-9E67-4B24BE3BAD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "ED734878-EBEA-418E-88A0-0C30AAB477E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons"
},
{
"lang": "es",
"value": "Una inclusi\u00f3n de espacios en blanco finales en los valores de encabezado HTTP en Nodejs versiones 10, 12 y 13, causa una omisi\u00f3n de autorizaci\u00f3n seg\u00fan las comparaciones de valores de encabezado."
}
],
"id": "CVE-2019-15606",
"lastModified": "2024-11-21T04:29:07.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-07T15:15:11.413",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/730779"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/730779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 15:15
Modified
2024-11-21 06:21
Severity ?
Summary
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B213E696-A6D9-45E7-B4E4-E4CFE54ECEB8",
"versionEndExcluding": "1.1.1k",
"versionStartIncluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*",
"matchCriteriaId": "73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "62A178A3-6A52-4981-9A27-FB07AD8AF778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "54A487B1-E5CE-4C76-87E8-518D24C5D86D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACF85D6-6B45-43DA-9C01-F0208186F014",
"versionEndExcluding": "6.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC12300-9051-4C70-9941-9FE5E64B4B30",
"versionEndIncluding": "8.13.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "657682A0-54D5-4DC6-A98E-8BAF685926C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8661D361-71B5-4C41-A818-C89EC551D900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "253603DC-2D92-442A-B3A8-A63E14D8A070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E112CFF-31F9-4D87-9A1B-AE0FCF69615E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1721B5-9FCD-47C3-8338-E02932CF2C05",
"versionEndIncluding": "5.17.0",
"versionStartIncluding": "5.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA7F1FD-9FAB-4654-98B0-4588EEC8B69A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2C4B-CE6B-41DA-A373-7D4FA51EFE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "550F47A2-3393-481E-BC40-CE606BFA8776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "43392D27-6C07-41C7-A17F-10C433338CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBF6C4C-195F-49A7-861D-52677D9BE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90732D53-E802-4E1B-B6C8-B1FDCE7905A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:*:*:*:*:*:*:*",
"matchCriteriaId": "A98B128A-C58E-48EC-B691-AF73126A0822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:*:*:*:*:*:*:*",
"matchCriteriaId": "345B990F-C1C4-440B-804E-0A2882FE7C01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08601413-25E2-4977-B67A-C11A9D788EA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC067CC-EB90-43F5-9674-089D5C611573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:*:*:*:*:*:*:*",
"matchCriteriaId": "80B223A7-1039-445D-ABE1-5E481004D956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1584E1B4-412C-40E2-BF07-4E464692F2AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*",
"matchCriteriaId": "A0002A29-8B42-445D-9EC4-58BC93194241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0EDB21-9305-4601-AB96-A77BD00F311D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9016DDF6-285C-4E64-88D0-29ECCEF048F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "570DB369-A31B-4108-A7FD-09F674129603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8782A14-89B0-45EE-A5CB-FF715F5BA379",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C40ECC8-933B-47A4-8082-FCF0EF9C973E",
"versionEndIncluding": "5.7.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32714AD7-BCD1-4624-9923-5E6D927CF3CB",
"versionEndIncluding": "8.0.23",
"versionStartIncluding": "8.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1A94E1-A6C6-488D-A74C-6C0B24637272",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C01E8B82-71C7-4A4A-A70A-7B147524AB4A",
"versionEndExcluding": "18.1.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8B6D50-D482-43E9-A20D-FA77FD59AE2D",
"versionEndExcluding": "10.2.1.0-17sv",
"versionStartIncluding": "10.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:capture_client:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "349EB4AE-65E3-42DC-8F9C-3A1A155324D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sonicos:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD8688A-2D55-4A7E-A143-1BD0FCF957B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081E52B-E7C0-46BD-B1D0-2C70ABCC8831",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3747CDD7-E833-4B68-A362-77D6A2E9D888",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "058D21EA-E94C-4DDC-AD92-967DAC934457",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A77C9D-E59C-4397-B834-797D7B334A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "424CD8EA-D8CB-40C7-8E0F-AC4B05C59C99",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB9921A-5204-40A3-88AB-B7755F5C6875",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "858B6A84-5D0E-4E23-AE32-A45B51BAC8CF",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D89D82-C2CE-44DC-A05B-B956F20BF4E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D173626B-9C50-489F-8BA4-1C45E5F96526",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7B48D2-0D17-420D-AAE1-35E5C0BE2924",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E967F5FC-6F3E-4982-8813-CA1DAF3BE165",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81F315D8-0B26-4442-B330-85124017A482",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80D9A79-7984-462B-B4B9-6A4429422038",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20F735-7A70-4A24-9621-786F99C8F87D",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B40F8-71D2-4D2D-8EC2-CE154A6D7533",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "973B8030-B630-4D67-B897-25A359A96185",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "725C671B-D7A0-48CF-8A31-5F9C4173F1DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86EA8E3F-81BD-47BC-9834-A9B69CA7E70C",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3033B1E-57A6-4AE3-A861-7047CF8EAD79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE116AD9-B55F-41C8-8B55-329809DB63E1",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9A73DD-4A21-4096-B4B6-A0A825E71006",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "144CDF5E-7E07-428B-B4DF-C94992B3A44A",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "339FFBDF-6957-481F-84CE-878B5CAAD9C8",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7719E194-EE3D-4CE8-8C85-CF0D82A553AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBB13D3-4E04-4D01-B880-C16C4FFA240B",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58377C58-F660-4C17-A3CB-BFC2F28848CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E40058B3-3726-4F6A-AB41-7679487639F2",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "798E900F-5EF9-4B39-B8C2-79FAE659E7F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E642D10-E701-44DF-863B-D0DAA5530F50",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F962FC7-0616-467F-8CCA-ADEA224B5F7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53C2B5-A3FD-44CC-A78B-D2124EF37DB4",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54FBE4D4-F31E-4B61-9216-44C8EC2988AB",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6B7D8-3F9E-43D6-AEFE-DEE3993679C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20511D61-FC1D-453E-BDF6-D3FB9951192A",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67661569-6233-4C74-9C72-88BD14B257FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640AC619-B516-46FC-821B-09C4542A3FD6",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E048C4A-A414-4C87-A865-4D4218AE32EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB979DB-731B-4693-A9F8-B11ED953717C",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09743616-31C9-4E47-8A4A-B15D76204BE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "886D2FE6-B054-4E3B-BACB-F08C0A119A80",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B185B70-CAC9-47AC-8639-7A4707C21540",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA78457-260C-467B-9785-04B3C8EDF3B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEA3BEE-E7AF-4C9A-ADE4-CE7FC1DB7639",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "049460B8-6186-44F9-B41F-284A2EC0B3B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "205482DA-548C-4757-91F0-1599438873BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45208694-635A-42AC-B668-8B67C60568B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8F8BCE-35CE-492A-8BFE-2C36EA51CE5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C147D9-4649-4289-B18B-55BD6E33521A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4830E0D-0128-4E5B-AB81-2B238471AE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54EFA8B5-8DA1-4547-9E15-BDC265C56006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CEB200-E38F-4629-9279-5AF065396678",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4FA1E6-4C5A-4CDC-AD40-E384C0BCA90D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A5B50E-0316-4189-8F41-54732CFCF63F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D254DA1D-C53E-426B-9C69-580CC47CF0AA",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65278BA0-3C81-4D81-9801-D7BE3A1D7680",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C06A02ED-0BA3-4A2C-AF0C-689B8AEB34B8",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "209C7B1E-10F6-4215-AF69-CC36192E0FCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8C00EE-1154-440C-A223-A2CE99CE3126",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171A9543-E677-422F-8AEA-1BC2D0E53593",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB201DD3-8890-453E-A11E-1E13B3DAB3F9",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350FD323-C876-4C7A-A2E7-4B0660C87F6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61E498B1-87FF-454B-8DF0-61D0D3208491",
"versionStartIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EE2F10-A7A6-486F-AE5C-53AE25BAF200",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90FB801F-11B5-438C-98A1-E928BFEA2ADB",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56C2BDC-928E-491A-8E7C-F976B3787C7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4BA1E6-64F7-4B96-8302-134057DAB1BE",
"versionStartIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B50B8-2FB7-4982-88AA-B4F2AD094796",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCA9544-DD17-4F56-B34C-91A3F37154AF",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C25165E-EDE9-42F1-A3B9-0E47630D49CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF281FB-26E0-43E4-A2B6-4015661368AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEACFC9-41B7-4EE0-9427-692363880326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3CA343-CA2A-4593-930C-158612CE7A55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9AE23E-7DAE-4191-BA4E-A7CD655C4BC8",
"versionStartIncluding": "9.1.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E092B735-42D5-48D5-947B-288C0FA2E180",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D874D636-392A-4750-B976-F411DBCEBA8D",
"versionStartIncluding": "2019",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14EC9343-7778-40B0-A74D-5C156FF2A229",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968FBB4E-5B0B-43D4-B3AD-418028093990",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "391AD485-A49D-43D0-AAE5-1F58B38D4E22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5212F097-B65A-4D73-BB6F-49687F8AD980",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82494B5E-80EE-47ED-B87E-CF8C8907B6FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D806113B-57EB-4AA0-9D5E-12E30337A93B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0933EB-82BE-42BB-978B-C9EC2FE1C795",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FA50A7-2DF6-454E-8A8E-838C392AB417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAEB335-BD22-4CEF-A3EA-9D98A09FEBF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3D41E9-58B3-4251-8710-A8C4A24ABBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E21F9909-8D80-40BE-81E0-6ED7FE140A3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC628CB7-0816-4267-9C5D-954BD0233D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0927991-E820-4FC3-9EFE-96E4C9BFCCCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88E64167-16AA-48D7-BCDC-B15D37FA666D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F05227-208B-42C8-8D56-A5D106CAD32F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47F1294A-1C26-4D43-9C53-D833F2510536",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3871C0C9-C65E-4E0B-9CA8-75E60066297F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF60081-D534-44F5-972F-23257F16F372",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07849777-92E7-41D2-9128-F8D20DE15391",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF1726E-B56F-4D39-AFF4-E79A3CA00DE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68B3573B-A31E-4489-B2DD-B01B5C1D03CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC4A9F7-9858-4F95-8097-F8D09DA61314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B640800C-9263-4BEA-9DA5-1323932540BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4948734A-0AAD-4D28-B7FF-FFBBB9AA39C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE17584A-BF7A-48B8-A9CB-477663766C63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC4A9F7-9858-4F95-8097-F8D09DA61314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B640800C-9263-4BEA-9DA5-1323932540BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE37798-B068-40E5-BC03-1D8D303E5926",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C7D55C-8D99-4E2F-A254-1BDE2B12A203",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0C491C-5C4A-4F1C-ABD4-9502A54AAA78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4698CF-F935-4707-BA91-7E3650C7956C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7657063-1296-4734-B108-A2FF7A01B07F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "232279DE-CF1C-4A3C-886D-B4CE3F104F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C477CCD-06C7-4907-8B0C-4FCE7F6DADAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC4FA01-8DDB-41E4-B759-7B504F78AEBC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3360ACCE-E735-4E34-B278-0D4460E74CBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B854F5B-78C7-41FE-9364-5E71B36342A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B20D95-C4B3-4D13-A3D8-F22AC42DC059",
"versionEndExcluding": "2.2",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_logon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F24E40-F3F0-48F3-B3DC-5F98B0564F7A",
"versionStartIncluding": "1.6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1:*:*:*:*:*:*",
"matchCriteriaId": "423359E5-9C36-4C6B-AB24-B030E6C61D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79EE15DC-74D3-4551-AAD0-EA0CB600DA76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3169FD3-CBA2-417C-95EF-4F8AE9FAB5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4ED13FC8-63C0-42C6-A51C-C480C45327C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E68FE047-8F53-46B8-82D4-9342B1C8CA55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_pni:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1353DC31-FB12-427A-B1B2-9164A4BEE14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B0A5CC25-A323-4D49-8989-5A417D12D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A690BCD3-6497-43F7-8A51-E033B9121DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AA375D44-ECC5-4BD3-A3D5-6D2AA68782D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1:*:*:*:*:*:*",
"matchCriteriaId": "6CD26C73-B61F-424B-91C2-352E2CAE6666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2:*:*:*:*:*:*",
"matchCriteriaId": "DB4EA15F-ECA4-477F-948F-490FC90BC66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_opc_ua_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA14E65-214C-431D-A49A-D8FC142D4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "915B09CB-CA0A-445B-89D3-16AE9B08858E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "43B199B4-D89C-483D-ACAE-6CB2A59EE67C",
"versionEndIncluding": "10.24.0",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
"versionEndIncluding": "12.12.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3DEBF7C8-B000-47B9-B597-DC440F2603B3",
"versionEndExcluding": "12.22.1",
"versionStartIncluding": "12.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "380D03F3-6A7E-43A2-B002-FB2521FD3C58",
"versionEndExcluding": "14.16.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3ED4D313-F372-4CC1-BE11-6BBA2F0E90E3",
"versionEndExcluding": "15.14.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)."
},
{
"lang": "es",
"value": "Un servidor OpenSSL TLS puede cometer un fallo si un cliente env\u00eda un mensaje ClientHello de renegociaci\u00f3n dise\u00f1ado maliciosamente.\u0026#xa0;Si una renegociaci\u00f3n de TLSv1.2 ClientHello omite la extensi\u00f3n signature_algorithms (donde estaba presente en el ClientHello inicial), pero incluye una extensi\u00f3n signature_algorithms_cert, se producir\u00e1 una desreferencia del puntero NULL, lo que conllevar\u00e1 un bloqueo y un ataque de denegaci\u00f3n de servicio.\u0026#xa0;Un servidor solo es vulnerable si tiene TLSv1.2 y la renegociaci\u00f3n habilitada (que es la configuraci\u00f3n predeterminada).\u0026#xa0;Los clientes de OpenSSL TLS no est\u00e1n afectados por este problema.\u0026#xa0;Todas las versiones de OpenSSL versi\u00f3n 1.1.1 est\u00e1n afectadas por este problema.\u0026#xa0;Los usuarios de estas versiones deben actualizar a OpenSSL versi\u00f3n 1.1.1k.\u0026#xa0;OpenSSL versi\u00f3n 1.0.2 no est\u00e1 afectado por este problema.\u0026#xa0;Corregido en OpenSSL versi\u00f3n 1.1.1k (Afectadas versiones 1.1.1-1.1.1j)"
}
],
"id": "CVE-2021-3449",
"lastModified": "2024-11-21T06:21:33.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T15:15:13.450",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-10"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-18 04:15
Modified
2024-11-21 08:15
Severity ?
Summary
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/2092852 | Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20231116-0009/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/2092852 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0009/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AF062340-A490-41E3-8A34-2C07644402DE",
"versionEndExcluding": "20.8.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Una vulnerabilidad previamente revelada (CVE-2023-30584) no se parch\u00f3 suficientemente en el commit 205f1e6. La nueva vulnerabilidad de path traversal surge porque la implementaci\u00f3n no se protege a s\u00ed misma contra la sobrescritura de funciones de utilidad integradas con implementaciones definidas por el usuario. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-39331",
"lastModified": "2024-11-21T08:15:10.470",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-18T04:15:11.257",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2092852"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2092852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-15 16:15
Modified
2024-11-21 08:02
Severity ?
Summary
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.
This vulnerability affects all users using the experimental permission model in Node.js 20.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "145E971E-F0AF-49A7-8A9C-3AAFE01C076B",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en Node.js versi\u00f3n 20, espec\u00edficamente dentro del modelo de permisos experimentales. Esta falla se relaciona con el manejo incorrecto de los B\u00faferes en las API del sistema de archivos, lo que hace que se omita un Path Traversal al verificar los permisos de archivo. Esta vulnerabilidad afecta a todos los usuarios que usan el modelo de permisos experimental en Node.js 20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permisos es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-32004",
"lastModified": "2024-11-21T08:02:30.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T16:15:11.303",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2038134"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2038134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-30 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/101881 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://nodejs.org/en/blog/release/v4.8.5/ | Vendor Advisory | |
| cve@mitre.org | https://nodejs.org/en/blog/release/v6.11.5/ | Vendor Advisory | |
| cve@mitre.org | https://nodejs.org/en/blog/release/v8.8.0/ | Vendor Advisory | |
| cve@mitre.org | https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101881 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/release/v4.8.5/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/release/v6.11.5/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/release/v8.8.0/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | 4.8.2 | |
| nodejs | node.js | 4.8.3 | |
| nodejs | node.js | 4.8.4 | |
| nodejs | node.js | 6.10.2 | |
| nodejs | node.js | 6.10.3 | |
| nodejs | node.js | 6.11.0 | |
| nodejs | node.js | 6.11.1 | |
| nodejs | node.js | 6.11.2 | |
| nodejs | node.js | 6.11.3 | |
| nodejs | node.js | 6.11.4 | |
| nodejs | node.js | 8.0.0 | |
| nodejs | node.js | 8.1.0 | |
| nodejs | node.js | 8.1.1 | |
| nodejs | node.js | 8.1.2 | |
| nodejs | node.js | 8.1.3 | |
| nodejs | node.js | 8.1.4 | |
| nodejs | node.js | 8.2.0 | |
| nodejs | node.js | 8.2.1 | |
| nodejs | node.js | 8.3.0 | |
| nodejs | node.js | 8.4.0 | |
| nodejs | node.js | 8.5.0 | |
| nodejs | node.js | 8.6.0 | |
| nodejs | node.js | 8.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85C38CBB-154F-4842-B783-86DE1700A59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A52ABF-EAB6-4B14-8DF2-49E0D93F0737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E962F4B0-258F-40FB-859A-148FF37A539B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96903DD4-70B8-4F30-AE8D-B5BF4235EC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F99F1B8C-B2A2-46F0-A46B-543876382BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4E9F52-DAAA-4E7E-B37A-A8612DDF6717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33314D49-3EDD-458F-9DC6-71AC0C1BF2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "415E86EC-4452-4299-B579-3A07FC7FB21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82584464-558A-4627-8A6B-2A019ED9C8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D047DFA7-CCBE-44A6-BBDC-A372C96E32AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "710CFCCF-7086-472E-90A9-ACE36A8F8AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E35B2D35-798E-4186-8C17-4AC717777668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC765BA6-CDB8-4C3B-9D23-64996F38027A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B35BB2AB-7E3E-450D-A135-A0A8020F0BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A710334-6ADA-4BF3-A4A8-F1EF1CC07674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5412B7B9-4844-4E18-B671-7CA2BB98CD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDB9B89-EEEB-49D4-A55C-E7381DB00FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1730EB6-426D-49A4-88D1-61D1EBF2AD46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D86DC4-5972-40C9-B535-8D79DCAF9EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F004FD3-3D34-4424-8BE0-75664F0EBA5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921B4767-BFBC-4595-90A6-64927ADEE378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8CB363-1B02-4B72-91B6-859F7BE53CCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F525E136-B5A0-4247-9630-6ABEF09C3264",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter."
},
{
"lang": "es",
"value": "Node.js en versiones anteriores a la 4.8.5, las versiones 6.x anteriores a la 6.11.5 y las versiones 8.x anteriores a la 8.8.0 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (excepci\u00f3n no detectada y cierre inesperado) aprovechando un cambio en el m\u00f3dulo zlib, versi\u00f3n 1.2.9, que hace que 8 sea un valor no v\u00e1lido para el par\u00e1metro windowsBits."
}
],
"id": "CVE-2017-14919",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-30T19:29:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101881"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v4.8.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v6.11.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v8.8.0/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v4.8.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v6.11.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v8.8.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-10 00:15
Modified
2024-11-21 06:29
Severity ?
Summary
Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "D413EFEB-941C-4FDD-BA04-32B7902BCFE7",
"versionEndExcluding": "11.1.3",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C1457A80-9287-4C15-9AF3-8CE57500C4AA",
"versionEndExcluding": "12.0.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B44D2C4-15DF-4918-B374-3C780CC43ACC",
"versionStartExcluding": "15.0.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue."
},
{
"lang": "es",
"value": "Next.js es un framework de React. En las versiones de Next.js anteriores a 12.0.5 o 11.1.3, las direcciones URL no v\u00e1lidas o malformadas podr\u00edan conllevar a un bloqueo del servidor. Para verse afectado por este problema, el despliegue debe usar versiones de Next.js superiores a 11.1.0 y anteriores a 12.0.5, Node.js versiones posteriores a 15.0.0, y el siguiente inicio o un servidor personalizado. Los despliegues en Vercel no est\u00e1n afectados, junto con entornos similares en los que las peticiones no v\u00e1lidas son filtradas antes de llegar a Next.js. Las versiones 12.0.5 y 11.1.3 contienen parches para este problema"
}
],
"id": "CVE-2021-43803",
"lastModified": "2024-11-21T06:29:49.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-12-10T00:15:11.827",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/pull/32080"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/releases/tag/v11.1.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/releases/v12.0.5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/pull/32080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/releases/tag/v11.1.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/releases/v12.0.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-06 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| oracle | graalvm | 19.3.4 | |
| oracle | graalvm | 20.3.0 | |
| siemens | sinec_infrastructure_network_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "8042EBD0-9F28-43DF-BF27-DD3BBBD3E017",
"versionEndExcluding": "10.23.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "5E1AAC61-6E2E-46F8-BB51-D615FC87DA3B",
"versionEndExcluding": "12.20.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1DF64627-51CF-41BB-A9D2-B23DAC590FF0",
"versionEndExcluding": "14.15.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B6E4C7D3-2F1D-49B8-95AF-B89D82267ECB",
"versionEndExcluding": "15.5.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "937F66F5-F5BA-4156-82E0-EB2C99ABD41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BC0F8B31-F93B-40B6-9C06-A3996DC63829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 10.23.1, 12.20.1, 14.15.4, 15.5.1, son vulnerables a un bug de uso de la memoria previamente liberada en su implementaci\u00f3n TLS.\u0026#xa0;Al escribir en un socket habilitado para TLS, node::StreamBase::Write llama node::TLSWrap::DoWrite con un objeto WriteWrap reci\u00e9n asignado como primer argumento.\u0026#xa0;Si el m\u00e9todo DoWrite no devuelve un error, este objeto es devuelto a la persona que llama como parte de una estructura de StreamWriteResult.\u0026#xa0;Esto puede ser explotado para corromper la memoria conllevando a una Denegaci\u00f3n de Servicio o potencialmente otras explotaciones"
}
],
"id": "CVE-2020-8265",
"lastModified": "2024-11-21T05:38:37.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T21:15:14.410",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/988103"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4826"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/988103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-31 19:15
Modified
2024-11-21 07:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/vercel/next.js/releases/tag/v12.2.4 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vercel/next.js/releases/tag/v12.2.4 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vercel:next.js:12.2.3:*:*:*:*:node.js:*:*",
"matchCriteriaId": "72884DEE-123D-4FAD-A704-339D0B693F52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "996A6068-7CAE-416C-AF03-DB2A94F813D4",
"versionStartIncluding": "15.0.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn\u0027t being shared across requests."
},
{
"lang": "es",
"value": "Next.js es un framework de React que puede proporcionar bloques de construcci\u00f3n para crear aplicaciones web. Todo lo siguiente debe ser cierto para estar afectado por esta CVE: Next.js versi\u00f3n 12.2.3, Node.js versiones superiores a v15.0.0, siendo usado con la salida estricta \"unhandledRejection\" Y usando next start o un [servidor personalizado](https://nextjs.org/docs/advanced-features/custom-server). Los despliegues en Vercel ([vercel.com](https://vercel.com/)) no est\u00e1n afectados junto con entornos similares donde \"next-server\" no est\u00e1 siendo compartido entre peticiones"
}
],
"id": "CVE-2022-36046",
"lastModified": "2024-11-21T07:12:15.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T19:15:08.737",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/releases/tag/v12.2.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/releases/tag/v12.2.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-28 17:29
Modified
2024-11-21 04:45
Severity ?
Summary
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "853EB571-4424-4796-BED6-578E86828FCE",
"versionEndIncluding": "6.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default."
},
{
"lang": "es",
"value": "Las conexiones HTTP y HTTPS \"keep-alive\" pueden permanecer abiertas y inactivas durante hasta 2 minutos en Node.js en versiones 6.16.0 y anteriores. Node.js, en su versi\u00f3n 8.0.0, introduc\u00eda un server.keepAliveTimeout que se establece a 5 segundos, por defecto. Este comportamiento en Node.js, en versiones 6.16.0 y anteriores, es un vector potencial para denegaciones de servicio (DoS). Node.js, en su versi\u00f3n 6.17.0, introduce server.keepAliveTimeout y el establecimiento de 5 segundos por defecto."
}
],
"id": "CVE-2019-5739",
"lastModified": "2024-11-21T04:45:25.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-28T17:29:01.647",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0008/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-24 19:15
Modified
2024-11-21 06:31
Severity ?
Summary
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | graalvm | 20.3.5 | |
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | mysql_connectors | * | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | mysql_server | * | |
| oracle | mysql_server | * | |
| oracle | mysql_workbench | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| oracle | mysql_cluster | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DAE16BC9-7B14-48DA-ADEB-D1898E0B9885",
"versionEndExcluding": "12.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8499B085-A803-4958-BB99-8E7FABB177BB",
"versionEndExcluding": "14.18.3",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "113157AB-0571-4244-A857-ADE4F4EA1F11",
"versionEndExcluding": "16.13.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9DF5B801-BC99-4F91-B350-C14A5998532C",
"versionEndExcluding": "17.3.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "727AE4B8-ECED-4942-B378-AC869D39D8D0",
"versionEndIncluding": "8.0.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361CAD5F-8866-44CC-A47E-C0E98A9FAABA",
"versionEndIncluding": "5.7.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D713546-8144-491B-B3D9-FBE437E4A442",
"versionEndIncluding": "8.0.28",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BDC629D-CC4C-4903-8A06-BF5823457996",
"versionEndIncluding": "8.0.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB1E9C2-30CD-4DD2-BB9F-AF59B8DA9B9E",
"versionEndIncluding": "8.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option."
},
{
"lang": "es",
"value": "Aceptar tipos de nombres alternativos de sujeto (SAN) arbitrarios, a menos que una PKI est\u00e9 definida espec\u00edficamente para usar un tipo de SAN concreto, puede resultar en una omisi\u00f3n de los intermediarios con restricci\u00f3n de nombre. Node.js versiones anteriores a 12.22.9, versiones anteriores a 14.18.3, versiones anteriores a 16.13.2 y versiones anteriores a 17.3.1, aceptaba tipos de URI SAN, que las PKI no suelen estar definidas para usar. Adem\u00e1s, cuando un protocolo permite URI SANs, Node.js no hac\u00eda coincidir el URI correctamente. Las versiones de Node.js con la correcci\u00f3n para esto deshabilitan el tipo URI SAN cuando comprueban un certificado contra un nombre de host. Este comportamiento puede revertirse mediante la opci\u00f3n de l\u00ednea de comandos --security-revert"
}
],
"id": "CVE-2021-44531",
"lastModified": "2024-11-21T06:31:10.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T19:15:09.313",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1429694"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1429694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-08 14:15
Modified
2024-11-21 05:38
Severity ?
Summary
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | banking_extensibility_workbench | 14.3.0 | |
| oracle | banking_extensibility_workbench | 14.4.0 | |
| oracle | blockchain_platform | * | |
| oracle | graalvm | 19.3.2 | |
| oracle | graalvm | 20.1.0 | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D494880-6066-460B-B384-B9188C3967FF",
"versionEndExcluding": "12.18.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89511E55-5D62-425E-B1A3-0688FACEB53C",
"versionEndExcluding": "14.4.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57039D-E2EE-4014-A7B1-D7380D26098E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "909B4029-1D4F-4D60-AC6D-98C7E9FF1B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B501426C-7FB5-4C0D-83E4-0279746EFBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69D21CF6-A2D7-403B-9A22-66A892C0F57D",
"versionEndIncluding": "7.3.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "156E63C9-9834-4120-A245-CF1AF6BEC040",
"versionEndIncluding": "7.4.29",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6111894E-B3C9-41F1-8106-6BA16980A146",
"versionEndIncluding": "7.5.19",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C69D247E-D8A3-4834-9240-7EACCA0F63BA",
"versionEndIncluding": "7.6.15",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B86B2E-D69E-4E1E-BCD5-8B3B9573626C",
"versionEndIncluding": "8.0.21",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TLS session reuse can lead to host certificate verification bypass in node version \u003c 12.18.0 and \u003c 14.4.0."
},
{
"lang": "es",
"value": "La reutilizaci\u00f3n de una sesi\u00f3n TLS puede conllevar a una omisi\u00f3n de la verificaci\u00f3n del certificado del host en node versi\u00f3n anterior a 12.18.0 y anterior a 14.4.0"
}
],
"id": "CVE-2020-8172",
"lastModified": "2024-11-21T05:38:26.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T14:15:13.213",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/811502"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0002/"
},
{
"source": "support@hackerone.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/811502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-20 02:15
Modified
2025-03-28 19:15
Severity ?
Summary
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.openwall.com/lists/oss-security/2024/03/11/1 | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/2259914 | Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20240315-0005/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/11/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/2259914 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240315-0005/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C20DA8F-2F0C-4323-B67D-8ADF50D5983A",
"versionEndExcluding": "20.11.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "211B62F4-4CC3-41CA-91FA-E14C5AC0335A",
"versionEndExcluding": "21.6.2",
"versionStartIncluding": "21.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Node.js depende de m\u00faltiples funciones de utilidad integradas para normalizar las rutas proporcionadas a las funciones de node:fs, que pueden ser exageradas con implementaciones definidas por el usuario que conducen a la omisi\u00f3n del modelo de permisos del sistema de archivos mediante un ataque de path traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20 y Node.js 21. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2024-21891",
"lastModified": "2025-03-28T19:15:19.037",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T02:15:50.347",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2259914"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2259914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0005/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1447455 | Permissions Required | |
| support@hackerone.com | https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ | Patch, Vendor Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20220915-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1447455 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220915-0001/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E1789602-0D21-4A6F-A1BB-60D243AB619D",
"versionEndExcluding": "14.20.0",
"versionStartIncluding": "14.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D9D9B02E-C965-408B-999E-1F3DA09B62AA",
"versionEndExcluding": "16.16.0",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DAE99FBA-CF4F-4DF2-98D5-5D3ACD82A185",
"versionEndExcluding": "18.0.5",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and \u201cC:\\Program Files\\Common Files\\SSL\\openssl.cnf\u201d exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability."
},
{
"lang": "es",
"value": "Node.js es vulnerable a un Flujo de Ejecuci\u00f3n de Secuestro: Secuestro de DLL bajo determinadas condiciones en plataformas Windows. Esta vulnerabilidad puede ser explotada si la v\u00edctima presenta las siguientes dependencias en una m\u00e1quina Windows:* OpenSSL ha sido instalada y \"C:\\Program Files\\Common Files\\SSL\\openssl.cnf\" se presenta. Siempre que sean dadas las condiciones anteriores, \"node.exe\" buscar\u00e1 \"providers.dll\" en el directorio actual del usuario. Despu\u00e9s, \"node.exe\" intentar\u00e1 buscar \"providers.dll\" mediante el orden de b\u00fasqueda de DLL en Windows. Es posible que un atacante coloque el archivo malicioso \"providers.dll\" en una variedad de rutas y explote esta vulnerabilidad"
}
],
"id": "CVE-2022-32223",
"lastModified": "2024-11-21T07:05:57.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.487",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1447455"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1447455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://nodesecurity.io/advisories/41 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/41 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D54646E-1A3E-4C39-84E6-7D7664052599",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag."
},
{
"lang": "es",
"value": "El m\u00f3dulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro XSS a trav\u00e9s de una etiqueta anidada."
}
],
"id": "CVE-2013-7451",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:00.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/41"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E939A0E0-3437-459E-9FAB-FE42811B1D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99C12BA5-2D81-4973-824E-2BDDA70F2485",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "591EA641-C103-4575-97D5-15D41B20E581",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F3F4FD-8BB9-468D-B50F-B25B17AF0F3A",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63529AEA-8B74-4CA1-BADF-14514D243DC5",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D87CCF-ED81-4B69-9D02-D5B79082E0FF",
"versionEndExcluding": "14.1.2.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5485F6ED-F324-4124-9116-79E70909C5F7",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a una inundaci\u00f3n de configuraciones, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante env\u00eda una secuencia de marcos de CONFIGURACI\u00d3N al par. Como el RFC requiere que el igual responda con un acuse de recibo por cuadro de CONFIGURACI\u00d3N, un cuadro de CONFIGURACI\u00d3N vac\u00edo es casi equivalente en comportamiento a un ping. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos."
}
],
"id": "CVE-2019-9515",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.520",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K50233772"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K50233772?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K50233772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K50233772?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 17:15
Modified
2024-11-21 06:39
Severity ?
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | * | |
| openssl | openssl | * | |
| openssl | openssl | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | cloud_volumes_ontap_mediator | - | |
| netapp | clustered_data_ontap | - | |
| netapp | clustered_data_ontap_antivirus_connector | - | |
| netapp | santricity_smi-s_provider | - | |
| netapp | storagegrid | - | |
| netapp | a250_firmware | - | |
| netapp | a250 | - | |
| netapp | 500f_firmware | - | |
| netapp | 500f | - | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 36 | |
| tenable | nessus | * | |
| tenable | nessus | * | |
| mariadb | mariadb | * | |
| mariadb | mariadb | * | |
| mariadb | mariadb | * | |
| mariadb | mariadb | * | |
| mariadb | mariadb | * | |
| mariadb | mariadb | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BC593C-D7BB-42A8-9488-BE910A8C3B68",
"versionEndExcluding": "1.0.2zd",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16D7B14C-9D04-40AC-9FCE-73D3DF468DB2",
"versionEndExcluding": "1.1.1n",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7225F27-E0BC-4716-AF68-8D68EE90F7CE",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1188273E-D496-41A9-AE16-75C0EB70EFB2",
"versionEndExcluding": "8.15.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "644DD241-261E-41A3-86B5-C0834502EA81",
"versionEndExcluding": "10.1.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CFE4A3-DDFC-4801-8C68-510EB5CFBC36",
"versionEndExcluding": "10.2.42",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EB13E9-AFD7-4E82-A471-61201460CAC4",
"versionEndExcluding": "10.3.33",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFE42EF-DB07-4DD4-A40C-6DD6A7D1E6DC",
"versionEndExcluding": "10.4.23",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C63CE6-6B86-4C48-8D30-DC74CA83C5EC",
"versionEndExcluding": "10.5.14",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09ADA35C-125F-4970-ACB7-36A9CC3516BF",
"versionEndExcluding": "10.6.6",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0435104-B0F9-4997-A769-36821689DF45",
"versionEndExcluding": "10.7.2",
"versionStartIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
"versionEndIncluding": "12.12.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "274A9803-2997-4E65-BDB0-8B5C23120CD1",
"versionEndExcluding": "12.22.11",
"versionStartIncluding": "12.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "05678B4E-5F27-4096-8E9B-38B84A7E7793",
"versionEndIncluding": "14.14.0",
"versionStartExcluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CECEE1EE-B2A2-476B-82AE-48DFF6F1729A",
"versionEndExcluding": "14.19.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DC9C8402-7102-4BCF-8A49-CFDF1C59B92F",
"versionEndIncluding": "16.12.0",
"versionStartExcluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3DF34038-6987-4196-B5E7-FF5656D1EE5A",
"versionEndExcluding": "16.14.2",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0AD8D8BB-702C-4FDF-A0A2-872744B8BF68",
"versionEndExcluding": "17.7.2",
"versionStartExcluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)."
},
{
"lang": "es",
"value": "La funci\u00f3n BN_mod_sqrt(), que calcula una ra\u00edz cuadrada modular, contiene un error que puede causar un bucle eterno para m\u00f3dulos no primos. Internamente, esta funci\u00f3n es usado cuando son analizados certificados que contienen claves p\u00fablicas de curva el\u00edptica en forma comprimida o par\u00e1metros de curva el\u00edptica expl\u00edcitos con un punto base codificado en forma comprimida. Es posible desencadenar el bucle infinito si es dise\u00f1ado un certificado con par\u00e1metros de curva expl\u00edcitos no v\u00e1lidos. Dado que el an\u00e1lisis del certificado es realizado antes de la verificaci\u00f3n de la firma del certificado, cualquier proceso que analice un certificado suministrado externamente puede ser objeto de un ataque de denegaci\u00f3n de servicio. El bucle infinito tambi\u00e9n puede alcanzarse cuando son analizadas claves privadas dise\u00f1adas, ya que pueden contener par\u00e1metros expl\u00edcitos de la curva el\u00edptica. Por lo tanto, las situaciones vulnerables incluyen: - Clientes TLS que consumen certificados de servidor - Servidores TLS que consumen certificados de cliente - Proveedores de hosting que toman certificados o claves privadas de clientes - Autoridades de certificaci\u00f3n que analizan peticiones de certificaci\u00f3n de suscriptores - Cualquier otra cosa que analice par\u00e1metros de curva el\u00edptica ASN.1 Tambi\u00e9n cualquier otra aplicaci\u00f3n que utilice BN_mod_sqrt() donde el atacante pueda controlar los valores de los par\u00e1metros es vulnerable a este problema de DoS. En OpenSSL versi\u00f3n 1.0.2, la clave p\u00fablica no es analizada durante el an\u00e1lisis inicial del certificado, lo que dificulta ligeramente la activaci\u00f3n del bucle infinito. Sin embargo, cualquier operaci\u00f3n que requiera la clave p\u00fablica del certificado desencadenar\u00e1 el bucle infinito. En particular, el atacante puede usar un certificado autofirmado para desencadenar el bucle durante la verificaci\u00f3n de la firma del certificado. Este problema afecta a OpenSSL versiones 1.0.2, 1.1.1 y 3.0. Fue abordado en las versiones 1.1.1n y 3.0.2 del 15 de marzo de 2022. Corregido en OpenSSL versi\u00f3n 3.0.2 (Afectado 3.0.0,3.0.1). Corregido en OpenSSL versi\u00f3n 1.1.1n (Afectado 1.1.1-1.1.1m). Corregido en OpenSSL versi\u00f3n 1.0.2zd (Afectado 1.0.2-1.0.2zc)"
}
],
"id": "CVE-2022-0778",
"lastModified": "2024-11-21T06:39:22.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T17:15:08.513",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1524692 | Exploit, Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ | Patch, Vendor Advisory | |
| support@hackerone.com | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1524692 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C2150173-C986-4D63-AA7F-9618AA856F2C",
"versionEndExcluding": "2.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FBB4A716-D0D0-4319-BAF0-7F012973330A",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3EB02718-B2A5-4822-B611-D62BB9EF44B0",
"versionEndExcluding": "14.20.0",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D9D9B02E-C965-408B-999E-1F3DA09B62AA",
"versionEndExcluding": "16.16.0",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D224E154-915A-4E2C-A0D7-D28D1C1472F7",
"versionEndExcluding": "18.5.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8085B7-6068-464E-B00E-638F49F60730",
"versionEndExcluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)."
},
{
"lang": "es",
"value": "El parser llhttp anteriores a la versi\u00f3n v14.20.1, anteriores a la versi\u00f3n v16.17.1 y anteriores a la versi\u00f3n v18.9.1 del m\u00f3dulo http en Node.js no utiliza estrictamente la secuencia CRLF para delimitar las peticiones HTTP. Esto puede llevar a un contrabando de peticiones HTTP (HRS)"
}
],
"id": "CVE-2022-32214",
"lastModified": "2024-11-21T07:05:56.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.337",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1524692"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1524692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-06 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| oracle | graalvm | 19.3.4 | |
| oracle | graalvm | 20.3.0 | |
| siemens | sinec_infrastructure_network_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "8042EBD0-9F28-43DF-BF27-DD3BBBD3E017",
"versionEndExcluding": "10.23.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "5E1AAC61-6E2E-46F8-BB51-D615FC87DA3B",
"versionEndExcluding": "12.20.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1DF64627-51CF-41BB-A9D2-B23DAC590FF0",
"versionEndExcluding": "14.15.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B6E4C7D3-2F1D-49B8-95AF-B89D82267ECB",
"versionEndExcluding": "15.5.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "937F66F5-F5BA-4156-82E0-EB2C99ABD41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BC0F8B31-F93B-40B6-9C06-A3996DC63829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 10.23.1, 12.20.1, 14.15.4, 15.5.1 permiten dos copias de un campo de encabezado en una petici\u00f3n HTTP (por ejemplo, dos campos de encabezado Transfer-Encoding).\u0026#xa0;En este caso, Node.js identifica el primer campo de encabezado e ignora el segundo.\u0026#xa0;Esto puede conllevar a un Tr\u00e1fico no Autorizado de Peticiones HTTP"
}
],
"id": "CVE-2020-8287",
"lastModified": "2024-11-21T05:38:39.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T21:15:14.707",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1002188"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00009.html"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4826"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1002188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68DD813A-1BC4-45FB-A3C4-E1BCE5F82EC1",
"versionEndExcluding": "1.16.1",
"versionStartIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1705D3-ABAB-477E-9572-7D4DBAB4E38B",
"versionEndIncluding": "1.17.2",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E11C65C3-1B17-4362-A99C-59583081A24D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348EEE70-E114-4720-AAAF-E77DE5C9A2D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a los bucles de recursos, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante crea m\u00faltiples flujos de solicitud y baraja continuamente la prioridad de los flujos de una manera que provoca un cambio considerable en el \u00e1rbol de prioridad. Esto puede consumir un exceso de CPU."
}
],
"id": "CVE-2019-9513",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.380",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-28 17:29
Modified
2024-12-27 16:15
Severity ?
Summary
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "30C30A13-A774-48C1-A0FC-1F31327DE909",
"versionEndExcluding": "6.15.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1B607427-7A5B-4F24-B042-CF4BF95DC185",
"versionEndExcluding": "8.14.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "34D3C40A-3BE7-42A4-BE15-762CEE1754C4",
"versionEndExcluding": "10.14.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
"versionEndExcluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
"matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer."
},
{
"lang": "es",
"value": "Node.js: Todas las versiones anteriores a la 6.15.0, 8.14.0, 10.14.0 y 11.3.0: Denegaci\u00f3n de servicio (DoS) con cabeceras HTTP grandes. Mediante la combinaci\u00f3n de muchas peticiones con cabeceras de tama\u00f1o m\u00e1ximo (casi 80 KB por conexi\u00f3n) y al terminar a su debido tiempo las cabeceras, es posible provocar que el servidor HTTP aborte el fallo de asignaci\u00f3n de memoria din\u00e1mica (heap). El potencial del ataque se ve mitigado por el uso de un balance de carga u otra capa del proxy."
}
],
"id": "CVE-2018-12121",
"lastModified": "2024-12-27T16:15:22.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-28T17:29:00.337",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106043"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2258"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3497"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241227-0008/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-23 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/05/13/1 | Mailing List | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/05/15/2 | Mailing List | |
| cve@mitre.org | http://www.securityfocus.com/bid/67389 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/isaacs/st | Third Party Advisory | |
| cve@mitre.org | https://nodesecurity.io/advisories/st_directory_traversal | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/05/13/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/05/15/2 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67389 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/isaacs/st | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/st_directory_traversal | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F39DC714-5E4F-4B06-89C3-CD145AD40A7C",
"versionEndIncluding": "0.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el m\u00c3\u00b3dulo st en versiones anteriores a la 0.2.5 para Node.js permite que atacantes remotos lean archivos arbitrarios mediante un %2e%2e (punto punto de manera codificada) en una ruta no especificada."
}
],
"id": "CVE-2014-3744",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-23T18:29:00.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/13/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67389"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/isaacs/st"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/st_directory_traversal"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/isaacs/st"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/st_directory_traversal"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | swiftnio | * | |
| apple | mac_os_x | * | |
| canonical | ubuntu_linux | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| synology | skynas | - | |
| synology | diskstation_manager | 6.2 | |
| synology | vs960hd_firmware | - | |
| synology | vs960hd | - | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| redhat | jboss_core_services | 1.0 | |
| redhat | jboss_enterprise_application_platform | 7.2.0 | |
| redhat | jboss_enterprise_application_platform | 7.3.0 | |
| redhat | openshift_service_mesh | 1.0 | |
| redhat | quay | 3.0.0 | |
| redhat | software_collections | 1.0 | |
| redhat | enterprise_linux | 8.0 | |
| oracle | graalvm | 19.2.0 | |
| mcafee | web_gateway | * | |
| mcafee | web_gateway | * | |
| mcafee | web_gateway | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a una avalancha de tramas vac\u00edas, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante env\u00eda una secuencia de tramas con una carga \u00fatil vac\u00eda y sin el indicador de fin de secuencia. Estos marcos pueden ser DATA, HEADERS, CONTINUATION y / o PUSH_PROMISE. El par pasa tiempo procesando cada cuadro desproporcionado para atacar el ancho de banda. Esto puede consumir un exceso de CPU."
}
],
"id": "CVE-2019-9518",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:13.003",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K46011592"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K46011592?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K46011592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K46011592?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-04 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.1.0a | |
| openssl | openssl | 1.1.0b | |
| openssl | openssl | 1.1.0c | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2h | |
| openssl | openssl | 1.0.2i | |
| openssl | openssl | 1.0.2j | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E07A34-08A0-4765-AF81-46A3BDC5648A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF148A3-1AA7-4F27-85AB-414C609C626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B749E-6808-4788-AE42-7A1587D8697E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "934083EB-2961-49FF-B8D7-B870D1FA3CB8",
"versionEndExcluding": "4.7.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1",
"versionEndIncluding": "5.12.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "14346EBC-1890-472B-B236-06FE381229EC",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2EE58CC5-2E12-4DA9-8AF2-9739CE393008",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."
},
{
"lang": "es",
"value": "Si un servidor o cliente SSL/TLS se ejecuta en un host de 32 bits y se utiliza un cifrador espec\u00edfico, un paquete truncado puede dar lugar a que el servidor o el cliente realicen una lectura fuera de l\u00edmites que, normalmente, provoca un cierre inesperado En OpenSSL 1.1.0, el cierre inesperado se puede desencadenar cuando se usa CHACHA20/POLY1305"
}
],
"id": "CVE-2017-3731",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-04T19:29:00.353",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3773"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95813"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037717"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-3731"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-3731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-23 00:15
Modified
2024-11-21 08:00
Severity ?
Summary
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.
Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "C5D7BC2C-D9AF-4048-9D36-55BF7CB6632B",
"versionEndExcluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "5C30F3E9-6CB7-4616-824E-A97BB69FB7E3",
"versionEndExcluding": "18.16.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "220A3D52-0B69-438A-B042-F19694CC63F1",
"versionEndExcluding": "20.3.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js"
},
{
"lang": "es",
"value": "El uso de __proto__ en process.mainModule.__proto__.require() puede omitir el mecanismo de pol\u00edticas y requerir m\u00f3dulos fuera de la definici\u00f3n de policy.json. Esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de lanzamiento activas: v16, v18 y v20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica era una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-30581",
"lastModified": "2024-11-21T08:00:27.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T00:15:07.980",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Release Notes"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 17:15
Modified
2024-11-21 02:21
Severity ?
Summary
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libuv | libuv | * | |
| microsoft | windows_server_2003 | - | |
| microsoft | windows_xp | - | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libuv:libuv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC7386D-7909-47FB-9B43-E02D9B01A16F",
"versionEndExcluding": "1.7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3527F41-A6ED-437D-9833-458A2C60C2A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D770B4-E1AB-40F6-A9FC-88E0FE860C81",
"versionEndExcluding": "0.10.46",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7908B-0B23-4CC4-9585-0120DF187A47",
"versionEndExcluding": "0.12.15",
"versionStartIncluding": "0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition."
},
{
"lang": "es",
"value": "La implementaci\u00f3n fallback de uv_rwlock_t para Windows XP y Server 2003 en libuv versiones anteriores a 1.7.4, no impide apropiadamente que los subprocesos (hilos) liberen los bloqueos de otros subprocesos (hilos), lo que permite a atacantes causar una denegaci\u00f3n de servicio (punto muerto) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de una condici\u00f3n de carrera."
}
],
"id": "CVE-2014-9748",
"lastModified": "2024-11-21T02:21:34.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T17:15:11.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/issues/515"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/pull/516"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nodejs/node/pull/2723"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/issues/515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/pull/516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nodejs/node/pull/2723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-20 02:15
Modified
2025-03-13 15:15
Severity ?
Summary
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.
Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.
This allows unprivileged users to inject code that inherits the process's elevated privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.openwall.com/lists/oss-security/2024/03/11/1 | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/2237545 | Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20240322-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/11/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/2237545 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240322-0003/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2FD72E7-64E4-4F5C-B39D-3DBB87CF8675",
"versionEndExcluding": "18.19.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C20DA8F-2F0C-4323-B67D-8ADF50D5983A",
"versionEndExcluding": "20.11.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "211B62F4-4CC3-41CA-91FA-E14C5AC0335A",
"versionEndExcluding": "21.6.2",
"versionStartIncluding": "21.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process\u0027s elevated privileges."
},
{
"lang": "es",
"value": "En Linux, Node.js ignora ciertas variables de entorno si pueden haber sido configuradas por un usuario sin privilegios mientras el proceso se ejecuta con privilegios elevados con la \u00fanica excepci\u00f3n de CAP_NET_BIND_SERVICE. Debido a un error en la implementaci\u00f3n de esta excepci\u00f3n, Node.js aplica incorrectamente esta excepci\u00f3n incluso cuando se han configurado otras capacidades. Esto permite a los usuarios sin privilegios inyectar c\u00f3digo que hereda los privilegios elevados del proceso."
}
],
"id": "CVE-2024-21892",
"lastModified": "2025-03-13T15:15:41.433",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 5.8,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T02:15:50.567",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2237545"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2237545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0003/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-12 02:15
Modified
2024-11-21 08:03
Severity ?
Summary
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal.
This vulnerability affects all users using the experimental permission model in Node.js 20.x.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/2051257 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/2051257 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241025-0003/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1B1EE318-9E7D-4AF1-9FB5-245C9F8BBBE0",
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. \n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.x.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "El uso de la API obsoleta `process.binding()` puede omitir el modelo de permiso a trav\u00e9s del Path Traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permisos experimental en Node.js 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-32558",
"lastModified": "2024-11-21T08:03:35.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-12T02:15:12.067",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2051257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2051257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241025-0003/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-25 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| nodejs | node.js | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC271026-1CD7-42F7-8754-1C5144AD590B",
"versionEndIncluding": "53.0.2785.101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code."
},
{
"lang": "es",
"value": "El analizador en Google V8, como se usa en Google Chrome en versiones anteriores a 53.0.2785.113, no maneja correctamente alcances, lo que permite a atacantes remotos obtener informaci\u00f3n sensible desde localizaciones de memoria arbitrarias a trav\u00e9s de un c\u00f3digo JavaScript manipulado."
}
],
"id": "CVE-2016-5172",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-25T20:59:04.260",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://codereview.chromium.org/2077283004"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/616386"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.chromium.org/2077283004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/616386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201610-09"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-15 16:15
Modified
2024-11-21 08:02
Severity ?
Summary
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.
Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F7394398-D1FA-4786-B962-7D0FFF50DB2D",
"versionEndIncluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7DAF267F-6FDD-4914-B37E-181B91BF8B64",
"versionEndIncluding": "18.17.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "145E971E-F0AF-49A7-8A9C-3AAFE01C076B",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "El uso de \u0027module.constructor.createRequire()\u0027 puede omitir el mecanismo de pol\u00edticas y requerir m\u00f3dulos fuera de la definici\u00f3n policy.json para un m\u00f3dulo determinado. Esta vulnerabilidad afecta a todos los usuarios que usan el mecanismo de directiva experimental en todas las l\u00edneas de versi\u00f3n activas: 16.x, 18.x y 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-32006",
"lastModified": "2024-11-21T08:02:30.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T16:15:11.460",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2043807"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2043807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-21 12:29
Modified
2024-11-21 03:44
Severity ?
Summary
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F608F84-5A94-4DC1-A7B8-E19028F96A40",
"versionEndExcluding": "6.14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "468A9D35-95E1-473B-A5D3-9BD78818F599",
"versionEndExcluding": "8.11.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A01678-361E-4F23-B7D6-41B0C145F491",
"versionEndExcluding": "10.9.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written."
},
{
"lang": "es",
"value": "En todas las versiones de Node.js anteriores a la 6.14.4, 8.11.4 y 10.9.0, cuando se utiliza con codificaci\u00f3n UCS-2 (reconocida por Node.js bajo los nombres \"ucs2\", \"ucs-2\", \"utf16le\" y \"utf-16le\"), se puede explotar \"Buffer#write()\" para escribir fuera de los l\u00edmites de un b\u00fafer. Las escrituras que empiezan desde la segunda hasta la \u00faltima posici\u00f3n de un b\u00fafer provocan un error de c\u00e1lculo de la longitud m\u00e1xima de los bytes de entrada que se van a escribir."
}
],
"id": "CVE-2018-12115",
"lastModified": "2024-11-21T03:44:37.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-21T12:29:00.210",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105127"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2552"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2944"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-48"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-03 23:15
Modified
2024-11-21 04:56
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nghttp2 | nghttp2 | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 33 | |
| oracle | banking_extensibility_workbench | 14.3.0 | |
| oracle | banking_extensibility_workbench | 14.4.0 | |
| oracle | blockchain_platform | * | |
| oracle | enterprise_communications_broker | 3.1.0 | |
| oracle | enterprise_communications_broker | 3.2.0 | |
| oracle | graalvm | 19.3.2 | |
| oracle | graalvm | 20.1.0 | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F12EE-F729-4A29-A21C-254E2E13B649",
"versionEndExcluding": "1.41.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57039D-E2EE-4014-A7B1-D7380D26098E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E11C65C3-1B17-4362-A99C-59583081A24D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348EEE70-E114-4720-AAAF-E77DE5C9A2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "909B4029-1D4F-4D60-AC6D-98C7E9FF1B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B501426C-7FB5-4C0D-83E4-0279746EFBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1144-F032-4687-8F76-1A4E45BCD8F3",
"versionEndIncluding": "7.3.30",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5F19DF-F8E7-48B4-BBFA-22A0118584CB",
"versionEndIncluding": "7.4.29",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7FA925-B9AC-4819-AAC1-C3478D80E3E7",
"versionEndIncluding": "7.5.19",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF828AB6-ED4E-4AA9-9E8D-58E715DBDB1D",
"versionEndIncluding": "7.6.15",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A885799-F19A-41B5-B015-B318ED959755",
"versionEndIncluding": "8.0.21",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E9E9BD86-6374-45B3-8727-AACED7C8F3B9",
"versionEndExcluding": "10.21.0",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
"versionEndIncluding": "12.12.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "319C5BC0-7893-4FEC-8051-C8067F5007D0",
"versionEndExcluding": "12.18.0",
"versionStartIncluding": "12.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7AB132F1-11B6-4B70-8819-4ADD7B6C814E",
"versionEndIncluding": "14.4.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., \u003e 32), then drop the connection."
},
{
"lang": "es",
"value": "En nghttp2 versiones anteriores a 1.41.0, la carga \u00fatil de la trama HTTP/2 SETTINGS demasiado grande causa una denegaci\u00f3n de servicio. El ataque de prueba de concepto involucra a un cliente malicioso que construye una trama SETTINGS con una longitud de 14,400 bytes (2400 entradas de configuraciones individuales) una y otra vez. El ataque causa que la CPU se aumente al 100%. nghttp2 versi\u00f3n v1.41.0 corrige esta vulnerabilidad. Existe una soluci\u00f3n alternativa a esta vulnerabilidad. Implemente la funci\u00f3n nghttp2_on_frame_recv_callback callback, y si la trama es recibida es la trama SETTINGS y el n\u00famero de entradas de configuraci\u00f3n es grande (por ejemplo, mayor a 32), luego desconecte la conexi\u00f3n"
}
],
"id": "CVE-2020-11080",
"lastModified": "2024-11-21T04:56:44.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T23:15:11.073",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4696"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-707"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3161B3E1-1269-4718-AE6A-2C122E1B52D3",
"versionEndExcluding": "10.22.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3CB8E8E0-24CC-417B-96D7-AF53B2296661",
"versionEndExcluding": "12.18.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F0300B3A-89AE-40AF-BDAF-EB3F5DA6A66E",
"versionEndExcluding": "14.9.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The implementation of realpath in libuv \u003c 10.22.1, \u003c 12.18.4, and \u003c 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de realpath en libuv versiones anteriores a versiones anteriores a 10.22.1, versiones anteriores a 12.18.4 y versiones anteriores a 14.9.0, usada dentro de Node.js determin\u00f3 incorrectamente el tama\u00f1o del b\u00fafer, lo que puede resultar en un desbordamiento del b\u00fafer si la ruta resuelta tiene m\u00e1s de 256 bytes"
}
],
"id": "CVE-2020-8252",
"lastModified": "2024-11-21T05:38:35.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-18T21:15:13.497",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/965914"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-15"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0004/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4548-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/965914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4548-1/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99148 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://c-ares.haxx.se/0616.patch | Mailing List, Vendor Advisory | |
| cve@mitre.org | https://c-ares.haxx.se/adv_20170620.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99148 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://c-ares.haxx.se/0616.patch | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://c-ares.haxx.se/adv_20170620.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| c-ares | c-ares | 1.8.0 | |
| c-ares | c-ares | 1.9.0 | |
| c-ares | c-ares | 1.9.1 | |
| c-ares | c-ares | 1.10.0 | |
| c-ares | c-ares | 1.12.0 | |
| c-ares_project | c-ares | 1.11.0 | |
| c-ares_project | c-ares | 1.11.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BDB0FC-AA36-4C41-B3DC-201F0DE0191A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B38F8E2-7710-4303-A80F-9009619BEC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1637EF-3393-4770-91AE-89EA53D57830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93FA2559-0DB1-49BE-A6E6-C73408F4AB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B92EADF5-3500-4F37-808E-41DC48DE8D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F4F4BD-4316-4CB2-8FCE-9EE5C59E64EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "476034B6-69BF-4130-8139-D5DDC1EB0028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "AC1070A7-E3E0-423C-A73A-040FCED8AD96",
"versionEndExcluding": "4.8.4",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1",
"versionEndIncluding": "5.12.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6EA3B1B4-3576-4508-AC77-4AE3A5622E09",
"versionEndExcluding": "6.11.1",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B9C02D94-B713-4BE4-8C26-F21C2ADC01B0",
"versionEndExcluding": "7.10.1",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "02C6E585-2704-4EC2-BED1-CF6D61BE9CC9",
"versionEndExcluding": "8.1.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way."
},
{
"lang": "es",
"value": "La funci\u00f3n \"ares_parse_naptr_reply()\" de c-ares, que es usada para analizar las respuestas NAPTR, podr\u00eda ser activada para leer la memoria fuera del b\u00fafer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular."
}
],
"id": "CVE-2017-1000381",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T17:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99148"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://c-ares.haxx.se/0616.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://c-ares.haxx.se/adv_20170620.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://c-ares.haxx.se/0616.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://c-ares.haxx.se/adv_20170620.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC639E9-54EB-4EBD-A444-30B2E068EC9E",
"versionEndExcluding": "2.4.40",
"versionStartIncluding": "2.4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464",
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both."
},
{
"lang": "es",
"value": "Algunas implementaciones HTTP / 2 son vulnerables al almacenamiento en b\u00fafer de datos interal sin restricciones, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante abre la ventana HTTP / 2 para que el par pueda enviar sin restricciones; sin embargo, dejan la ventana TCP cerrada para que el igual no pueda escribir (muchos de) los bytes en el cable. El atacante luego env\u00eda una secuencia de solicitudes para un objeto de respuesta grande. Dependiendo de c\u00f3mo los servidores ponen en cola las respuestas, esto puede consumir un exceso de memoria, CPU o ambos."
}
],
"id": "CVE-2019-9517",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.647",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/15/7"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2893"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2946"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2950"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/47"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201909-04"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0003/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4509"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/15/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201909-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-31 13:20
Modified
2025-04-11 00:51
Severity ?
Summary
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| chrome | 28.0.1500.0 | ||
| chrome | 28.0.1500.2 | ||
| chrome | 28.0.1500.3 | ||
| chrome | 28.0.1500.4 | ||
| chrome | 28.0.1500.5 | ||
| chrome | 28.0.1500.6 | ||
| chrome | 28.0.1500.8 | ||
| chrome | 28.0.1500.9 | ||
| chrome | 28.0.1500.10 | ||
| chrome | 28.0.1500.11 | ||
| chrome | 28.0.1500.12 | ||
| chrome | 28.0.1500.13 | ||
| chrome | 28.0.1500.14 | ||
| chrome | 28.0.1500.15 | ||
| chrome | 28.0.1500.16 | ||
| chrome | 28.0.1500.17 | ||
| chrome | 28.0.1500.18 | ||
| chrome | 28.0.1500.19 | ||
| chrome | 28.0.1500.20 | ||
| chrome | 28.0.1500.21 | ||
| chrome | 28.0.1500.22 | ||
| chrome | 28.0.1500.23 | ||
| chrome | 28.0.1500.24 | ||
| chrome | 28.0.1500.25 | ||
| chrome | 28.0.1500.26 | ||
| chrome | 28.0.1500.27 | ||
| chrome | 28.0.1500.28 | ||
| chrome | 28.0.1500.29 | ||
| chrome | 28.0.1500.31 | ||
| chrome | 28.0.1500.32 | ||
| chrome | 28.0.1500.33 | ||
| chrome | 28.0.1500.34 | ||
| chrome | 28.0.1500.35 | ||
| chrome | 28.0.1500.36 | ||
| chrome | 28.0.1500.37 | ||
| chrome | 28.0.1500.38 | ||
| chrome | 28.0.1500.39 | ||
| chrome | 28.0.1500.40 | ||
| chrome | 28.0.1500.41 | ||
| chrome | 28.0.1500.42 | ||
| chrome | 28.0.1500.43 | ||
| chrome | 28.0.1500.44 | ||
| chrome | 28.0.1500.45 | ||
| chrome | 28.0.1500.46 | ||
| chrome | 28.0.1500.47 | ||
| chrome | 28.0.1500.48 | ||
| chrome | 28.0.1500.49 | ||
| chrome | 28.0.1500.50 | ||
| chrome | 28.0.1500.51 | ||
| chrome | 28.0.1500.52 | ||
| chrome | 28.0.1500.53 | ||
| chrome | 28.0.1500.54 | ||
| chrome | 28.0.1500.56 | ||
| chrome | 28.0.1500.58 | ||
| chrome | 28.0.1500.59 | ||
| chrome | 28.0.1500.60 | ||
| chrome | 28.0.1500.61 | ||
| chrome | 28.0.1500.62 | ||
| chrome | 28.0.1500.63 | ||
| chrome | 28.0.1500.64 | ||
| chrome | 28.0.1500.66 | ||
| chrome | 28.0.1500.68 | ||
| chrome | 28.0.1500.70 | ||
| chrome | 28.0.1500.71 | ||
| chrome | 28.0.1500.72 | ||
| chrome | 28.0.1500.89 | ||
| chrome | 28.0.1500.91 | ||
| chrome | 28.0.1500.93 | ||
| redhat | openstack | 3.0 | |
| debian | debian_linux | 7.0 | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC3F7B-1C0C-45C4-BECB-585CD03A9208",
"versionEndIncluding": "28.0.1500.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2102F988-D7FE-4C6B-B071-FAB66D89CB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A52A00D-37EB-4E71-A3D5-1A46F1868A41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*",
"matchCriteriaId": "552543B1-4690-4175-A17D-54D7CA08BF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4EDFF6-400C-45FD-A104-5F4279DAD71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB3D069-0A5A-4D70-B04A-837B5C1B3AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*",
"matchCriteriaId": "512D0FC8-F545-4469-90F8-A080AEAB13A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*",
"matchCriteriaId": "79994932-02C8-46D8-8409-C687F7327A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA6DE3E-E346-41EE-A9AA-D1EE21EF367E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C28433-3BB5-45E9-B141-822CEDB91578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5089A0F8-8304-4103-A52F-0AD4D12AB377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7907622E-FE9D-458A-B41D-BBDEDDE70B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7105D8C1-BE13-4A9C-A1E5-A153C51435BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*",
"matchCriteriaId": "288DC523-66DD-404E-9C35-19BB8C81AA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC2E33D-BB49-4973-8D3F-B4067EBBDE10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46C95C7A-BAC1-49D5-AD31-B379F05B5628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5B037988-A751-4558-8BF0-554A811007A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CE39F0F7-9B61-4680-AD52-52524E20F110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF1CC06-48DA-4384-AFC6-7A1119093459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B20E39-F264-41C4-8B18-086E615A77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C057174C-3F75-4407-B9F6-4F1E9D8842FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4745501F-8661-4641-8072-E0581BFC41C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BAA9F3-4A9F-4F2D-BE7C-9D8625690215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C28BC-E337-4C6E-9F7D-681039AA541B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*",
"matchCriteriaId": "40113089-6D02-4B42-8FB2-B93AE6A0D4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*",
"matchCriteriaId": "953AE711-6295-41BC-9B7C-485728946A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A82B23-6C3D-4AAA-B52D-B6B15E226E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F01C37C8-ABF7-4CDC-A718-633E5E103681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DEB512-E8ED-4F5F-8031-4AED42B72B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0CAC9DDD-26D1-4A15-B36C-AE13079F6034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F9522B-CF2F-40A8-BA0E-B338A9E871A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*",
"matchCriteriaId": "179DBEF9-FD04-4C44-A419-E8537A65D340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B340E512-1D43-4DA2-B3A4-D33A0FB81375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*",
"matchCriteriaId": "5263FDC2-B2A7-4AFB-B99D-C1F567A3B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*",
"matchCriteriaId": "A61378D0-E81E-4C71-8D87-178DDDFA4867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8502E889-80C6-4E68-94B3-021EDD41FB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4E8F52-CFC2-4531-BD67-66978E843DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*",
"matchCriteriaId": "9082AAC1-9210-4759-9A6A-D25331936054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D794F153-0D70-44BB-BF56-15F2B3B3DF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF97A34-B96D-4752-8004-EF2580BD3B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF3D341-45E3-4741-A5FF-1CA1D1C84105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*",
"matchCriteriaId": "49C331DD-69C4-43E1-A470-ED0CB560D331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1AAE18-3565-463C-ABEA-51E6CBE08F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B8408F-14F3-481D-AD1F-5AE2B11FD4DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*",
"matchCriteriaId": "7804BC53-2543-43B6-AB92-929EEB75704C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*",
"matchCriteriaId": "577FA02C-A930-43A5-B48F-0236DF20A007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE2CE01-CEC2-4F54-A967-4E86E2014024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*",
"matchCriteriaId": "71371339-DD76-41F1-8C1A-59CA3AD04707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0FECB8-6EEF-4DF7-BD07-ECA8542FFA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*",
"matchCriteriaId": "F7037832-5B9F-4B8F-BFC0-51B660E14215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0E12DD-4FDD-46BC-B85F-5A828CF8041E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*",
"matchCriteriaId": "761583AE-9299-4CCD-AAE6-AB031EBF8447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*",
"matchCriteriaId": "592CE453-782B-4CE5-9396-C9FD9B7EEF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BB39B0-97DE-47B5-9E86-2B52873687AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*",
"matchCriteriaId": "798CA97C-2E50-495E-B57A-4940568F935D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*",
"matchCriteriaId": "30C8219F-FEC8-4318-A94C-251F81BDBD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*",
"matchCriteriaId": "E323736A-B834-4342-85FB-8FA970C76D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*",
"matchCriteriaId": "F876E661-9999-4566-88FA-D180DFF2A8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*",
"matchCriteriaId": "72233F37-A5DC-4225-81DF-3FE80D3ABB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*",
"matchCriteriaId": "5064E54C-6B5E-4A23-A970-7AC2CD26401C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DF79D2-2CFA-4247-A92A-A998CB234E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*",
"matchCriteriaId": "B4904FA7-84DD-4433-9FEE-B93D76AEC1F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*",
"matchCriteriaId": "85DE6B5E-83AD-469D-A497-05B1715C895C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.70:*:*:*:*:*:*:*",
"matchCriteriaId": "802A2961-C8F2-4554-A4F6-D028A999BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.71:*:*:*:*:*:*:*",
"matchCriteriaId": "E7279F77-4135-4BA5-8560-6A1C836D5833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.72:*:*:*:*:*:*:*",
"matchCriteriaId": "81E167F1-526E-44FF-837C-91589395758A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.89:*:*:*:*:*:*:*",
"matchCriteriaId": "61F05426-104E-48E4-8487-D21C3D20109B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E553FD55-C94C-49B9-8910-F6AB1FA68052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:28.0.1500.93:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6C1C42-FF62-45FE-A9AE-8322B6255653",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "434FC60F-C507-44F2-BB50-9344DB8AF309",
"versionEndExcluding": "0.10.16",
"versionStartIncluding": "0.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\""
},
{
"lang": "es",
"value": "Google V8, usado en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegaci\u00f3n de servicio y causar otro tipo de impacto a trav\u00e9s de vectores que aprovechan \"la confusi\u00f3n de tipos\"."
}
],
"id": "CVE-2013-2882",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:13.710",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1201.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2013/dsa-2732"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://code.google.com/p/chromium/issues/detail?id=260106"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=260106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-03 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | e-series_performance_analyzer | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - | |
| oracle | graalvm | 19.3.5 | |
| oracle | graalvm | 20.3.1.2 | |
| oracle | graalvm | 21.0.0.2 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | mysql_cluster | * | |
| oracle | nosql_database | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| siemens | sinec_infrastructure_network_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "0B8440E6-CAF3-456D-A9B4-4EBF33AC3F37",
"versionEndExcluding": "10.24.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "4533F19F-C946-4203-8331-0317A0544D96",
"versionEndExcluding": "12.21.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "EB0738FA-DE42-4E1A-A67D-4C6357C2D720",
"versionEndExcluding": "14.16.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E640EA36-17B2-4745-A831-AB8655F3579D",
"versionEndExcluding": "15.10.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD765AD-DEE4-41C5-9746-A2294D5F21C7",
"versionEndIncluding": "8.0.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
"versionEndExcluding": "20.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes \u201clocalhost6\u201d. When \u201clocalhost6\u201d is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim\u0027s DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the \u201clocalhost6\u201d domain. As long as the attacker uses the \u201clocalhost6\u201d domain, they can still apply the attack described in CVE-2018-7160."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a unos ataques de reenlace de DNS, ya que la lista blanca incluye \u201clocalhost6\u201d.\u0026#xa0;Cuando \u201clocalhost6\u201d no est\u00e1 presente en el archivo /etc/hosts, es solo un dominio ordinario que es resuelto por medio de DNS, es decir, a trav\u00e9s de la red.\u0026#xa0;Si el atacante controla el servidor DNS de la v\u00edctima o puede falsificar sus respuestas, la protecci\u00f3n de reenlace de DNS se puede omitir usando el dominio \"localhost6\".\u0026#xa0;Siempre que el atacante use el dominio \"localhost6\", a\u00fan puede aplicar el ataque descrito en el CVE-2018-7160"
}
],
"id": "CVE-2021-22884",
"lastModified": "2024-11-21T05:50:50.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T18:15:14.957",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1069487"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0001/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1069487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-350"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 17:15
Modified
2024-11-21 05:51
Severity ?
Summary
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F12DBEEA-AAB3-4383-A3E2-F865B960BA07",
"versionEndExcluding": "1.0.2y",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90147138-26F0-42CF-A1DB-BE1853885CA6",
"versionEndExcluding": "1.1.1j",
"versionStartIncluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D529D0-539D-4540-B70C-230D09A87572",
"versionEndExcluding": "6.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "657682A0-54D5-4DC6-A98E-8BAF685926C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8661D361-71B5-4C41-A818-C89EC551D900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "253603DC-2D92-442A-B3A8-A63E14D8A070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E112CFF-31F9-4D87-9A1B-AE0FCF69615E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E14DE8-29C1-4C0C-9B31-2E3A11EE68E4",
"versionEndExcluding": "5.7.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE10671-5C91-4ACF-ABD2-255E9F2F9D79",
"versionEndExcluding": "8.0.23",
"versionStartIncluding": "8.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
"versionEndExcluding": "20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5",
"versionEndExcluding": "5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
"matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
"matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
"matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
"matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A107698C-9C63-44A9-8A2B-81EDD5702B4C",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "67D64118-C228-41AF-8193-F90A772AAB8E",
"versionEndExcluding": "10.24.0",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
"versionEndIncluding": "12.12.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F1D6CFAA-BEDB-40EB-BDE6-35BBA99F0BB4",
"versionEndExcluding": "12.21.0",
"versionStartIncluding": "12.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E640EA36-17B2-4745-A831-AB8655F3579D",
"versionEndExcluding": "15.10.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "0425023F-CA30-4447-AD5C-B76556461CCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."
},
{
"lang": "es",
"value": "Las llamadas a EVP_CipherUpdate, EVP_EncryptUpdate y EVP_DecryptUpdate, pueden desbordar el argumento de la longitud de salida en algunos casos en los que la longitud de entrada est\u00e1 cerca de la longitud m\u00e1xima permitida para un entero en la plataforma. En tales casos, el valor de retorno de la llamada a la funci\u00f3n ser\u00e1 1 (indicando success), pero el valor de la longitud de salida ser\u00e1 negativo. Esto podr\u00eda causar que las aplicaciones se comporten de forma incorrecta o se bloqueen. Las versiones de OpenSSL 1.1.1i e inferiores est\u00e1n afectadas por este problema. Los usuarios de estas versiones deber\u00edan actualizar a OpenSSL versi\u00f3n 1.1.1j. Las versiones de OpenSSL 1.0.2x e inferiores est\u00e1n afectadas por este problema. Sin embargo, OpenSSL versi\u00f3n 1.0.2 est\u00e1 fuera de soporte y ya no recibe actualizaciones p\u00fablicas. Los clientes con soporte Premium de OpenSSL versi\u00f3n 1.0.2 deben actualizar a la versi\u00f3n 1.0.2y. Los dem\u00e1s usuarios deben actualizar a la versi\u00f3n 1.1.1j. Corregido en OpenSSL versi\u00f3n 1.1.1j (Afect\u00f3 versiones 1.1.1-1.1.1i). Corregido en OpenSSL versi\u00f3n 1.0.2y (Afect\u00f3 versiones 1.0.2-1.0.2x)"
}
],
"id": "CVE-2021-23840",
"lastModified": "2024-11-21T05:51:55.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T17:15:13.300",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4855"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20210216.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-03"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20210216.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-10"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-03 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.1q | |
| openssl | openssl | 1.0.1r | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "30C92A41-47F3-46D7-AD29-66B717E6D5BE",
"versionEndExcluding": "4.3.2",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "183CD912-7D2E-4CCD-BA99-05AF9E685030",
"versionEndExcluding": "5.7.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
},
{
"lang": "es",
"value": "La funci\u00f3n MOD_EXP_CTIME_COPY_FROM_PREBUF en crypto/bn/bn_exp.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no considera correctamente las veces que se accede al cache-bank durante la exponenciaci\u00f3n modular, lo que facilita a usuarios locales descubrir las claves RSA ejecutando una aplicaci\u00f3n manipulada en el mismo n\u00facleo de la CPU Intel Sandy Bridge como v\u00edctima y aprovech\u00e1ndose de los conflictos del cache-bank, tambi\u00e9n conocida como un ataque \"CacheBleed\"."
}
],
"id": "CVE-2016-0702",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-03T20:59:00.080",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://cachebleed.info"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://openssl.org/news/secadv/20160301.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3500"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2914-1"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-15"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160301.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://cachebleed.info"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://openssl.org/news/secadv/20160301.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2914-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160301.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-25 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5364365-36F1-49C0-BF8D-2D5054BC7B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8FD4B3-D515-486A-94A3-29CBDA2E25CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55E18631-9502-42CC-A85A-EA5742FDC317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCBC213-1524-4C88-9EB3-52E003070A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C928FB55-2F33-4458-8484-4010AE8883A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CEEFA5F-2B32-4CA0-84AD-E0ECA0F81078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4754B0A8-A7D7-41A1-BFE5-10D84E7CEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D132104E-163C-47EE-B247-578D64AC88D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E208FB1-A772-4002-BD56-3360BDDFEF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "14BE6C0B-E6EC-4CD2-912B-45DE9F94BA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "714EBE27-F0D0-4B2E-90E1-4C73DF7FAA81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE8859F-1EBE-4B9A-A5ED-7FA63D68C947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1249AA75-5676-4AFC-99B4-A59DC9BE1F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E875B302-1923-40AF-B956-A063714BBA9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10940F9C-6671-4C0D-89F9-6111A44FA74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F031F09-0AF1-4825-8C8C-AC5A65119E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "413C8F30-5B76-49D6-95C2-E62FC34911EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA03990-23A0-4D9E-A46C-39E4C214CDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89B156BD-1465-4758-A767-5D1377FD9B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AF4AFE-14E3-4264-84BB-45B9CDB6D363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39233953-4ADE-49D7-95E8-0199008375E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "002CF669-688A-40D3-9576-17ABFB17DE4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D6AF6A-5B1A-46DE-B03D-DDEB69B86F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F29C7E8C-8C0B-4B44-A178-5C31D9B1F3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5573D5-6792-472E-943C-582C104A9266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC50639-CD44-408B-98C2-20A6D71C454B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85C38CBB-154F-4842-B783-86DE1700A59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A52ABF-EAB6-4B14-8DF2-49E0D93F0737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F811E8BB-F1C8-43BE-BEAD-FC4FE122ABEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDE8D29-7C15-44D1-8D5C-0E438D9DE029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCA3C10-FB37-4256-812A-EB8A3A095E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54197CC5-9C7D-4DCE-A60F-625DE246E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6173A6E4-F472-46CF-9762-6F3CAAFD9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C25A52-E3C0-4429-AB96-1E33523E51D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "590070D6-198A-456E-A55D-D0B06DD3FF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46FCC5E2-1106-4153-B8C6-5E9594735529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56778D45-8B99-406D-BE97-034D3A29F32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C7E2F2-8C41-4F3B-848A-144DCA30FC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11778EAE-5DCD-4D4E-807B-FD3C0DC47BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C203335-0CB9-4B38-80C1-344607FFAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D70C084-6B75-401B-9F52-B3E2B5060FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D0381B-EECC-49E9-A43E-9877226FAFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5C5E18-2613-4851-953F-6773886A908F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2478B4BA-703D-45BD-9B59-713AEDEDB14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB33415-8446-43C6-9D1B-DF0D6BF8D0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53CB0E-3FBA-4796-BC81-6003A7DC29DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F3F415-CD69-4E19-A4F9-3673D2907932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "758E9981-966B-4BB5-8982-183683C76228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD05686C-E548-43CB-81C1-5AE3E3E5ECBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FAA74-207E-4E37-90F7-75202ED64E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F747352F-DFE4-45C3-9806-CBDC1E4A64E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E144BC9-0D69-4C9B-9AF0-D7730F1719EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA5976-2268-4FF3-BE6A-5680D45073E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E85F98DB-A43D-47C0-B271-0E25DCF0EA65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94E82A49-5897-43D4-8EF7-F743B8B909E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "083FA7D0-5707-4B87-955A-5C75E416715A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06A96BD0-0922-4E96-BE72-0FB39D6C139F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A8B882-F8A2-4D11-B9C9-F02227661BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02AA2065-D99B-4805-BD30-63CC42B07264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "612507E3-84F7-4343-8F8F-156BF96B1535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A053FD13-3912-45D3-BBFF-A29415675B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5406D0BF-7AA8-49A1-A712-A78D0E5A4AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80F53DBB-AE67-47DF-81AF-3E697D099EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E72FD09-9C0F-4685-83CE-A60823208169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B889EF50-8C17-48B1-8D79-BFBB69E0E808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A16A6C5-170F-48D2-A9B4-F64CCC436E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96903DD4-70B8-4F30-AE8D-B5BF4235EC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F99F1B8C-B2A2-46F0-A46B-543876382BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4E9F52-DAAA-4E7E-B37A-A8612DDF6717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33314D49-3EDD-458F-9DC6-71AC0C1BF2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6335D5-4A9B-425E-BEE2-F79BE4B07F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC03B878-CC9F-4E5B-98FF-89302D1A14C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85A26147-1A40-40BA-A31A-1D3E3C12B25A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF5735F-9BDC-4F99-8E5F-EE2BA0946B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "726FC696-439B-49FD-AD83-E8E0808A877E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6876765D-5936-49D2-ACCC-DFBAD2ADC7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "531E6D2A-80F5-4E61-9F94-20C52EF51C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89DB06D6-94B8-47B4-A63B-678866B6CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "127BC110-BCB3-4EF5-918B-487AA953DAD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD59683C-71B8-40B1-8F63-6C615D1F24C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46ABF6BA-B4EE-4E43-9D53-A088ED8B5C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70CF83FA-1E27-462D-9669-BCF4EA2B112C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BCAB616B-F595-4B96-960F-F0693BFE5AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF65EA06-835C-4CC6-92D4-B457C4EADD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53E256FD-DC14-4507-9070-32940032FE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7C28EC-2D0F-4146-A495-44B5C63571C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0ABD2F-2130-40BD-B008-095AB6A93BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "710CFCCF-7086-472E-90A9-ACE36A8F8AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E35B2D35-798E-4186-8C17-4AC717777668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC765BA6-CDB8-4C3B-9D23-64996F38027A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B35BB2AB-7E3E-450D-A135-A0A8020F0BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A710334-6ADA-4BF3-A4A8-F1EF1CC07674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup."
},
{
"lang": "es",
"value": "Node.js versi\u00f3n v4.0 hasta v4.8.3, todas las versiones de v5.x, versi\u00f3n v6.0 hasta v6.11.0, versi\u00f3n v7.0 hasta v7.10.0, y versi\u00f3n v8.0 hasta v8.1.3, fue susceptible a ataques DoS remotos de inundaci\u00f3n de hash ya que el seed HashTable fue constante en una versi\u00f3n dada de Node.js. Esto fue el resultado de la compilaci\u00f3n con instant\u00e1neas V8 habilitadas por defecto, lo que caus\u00f3 que el seed aleatorizado inicialmente se sobrescribiera en el arranque."
}
],
"id": "CVE-2017-11499",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-25T13:29:00.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99959"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2908"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3002"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-03 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.1q | |
| openssl | openssl | 1.0.1r | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8B5C9903-298B-4084-A505-E60A00A63558",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "30C92A41-47F3-46D7-AD29-66B717E6D5BE",
"versionEndExcluding": "4.3.2",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2CA8815-F276-45E9-8B31-93135D49B7EC",
"versionEndExcluding": "5.7.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permiten a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica o referencia a puntero NULL) o posiblemente tener otro impacto no especificado a trav\u00e9s de una cadena de d\u00edgitos de gran tama\u00f1o que no es manejada correctamente por la funci\u00f3n (1) BN_dec2bn o (2) BN_hex2bn, relacionada con crypto/bn/bn.h y crypto/bn/bn_print.c."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/190.html\"\u003eCWE-190: Integer Overflow or Wraparound\u003c/a\u003e\n\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2016-0797",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-03T20:59:01.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://openssl.org/news/secadv/20160301.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3500"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/83763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2914-1"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10156"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-15"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160301.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://openssl.org/news/secadv/20160301.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/83763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2914-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160301.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-18 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| libuv_project | libuv | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libuv_project:libuv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C6C6F-0490-4B05-AE01-9384C47659C4",
"versionEndIncluding": "0.10.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "005B0AC4-4F5F-4BFD-8BA4-67570A7B1A4A",
"versionEndExcluding": "0.10.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "libuv anterior a 0.10.34 no cancela correctamente los privilegios de grupo, lo que permite a atacantes dependientes de contexto ganar privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0278",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-18T15:59:02.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2015-0186.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/pull/215"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201611-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2015-0186.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/libuv/libuv/pull/215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201611-10"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 22:15
Modified
2025-04-24 14:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BE09F669-5369-442E-8B63-BF58FC0CBB22",
"versionEndExcluding": "14.21.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "FF081B38-0E73-4066-898D-12C6B6D48913",
"versionEndExcluding": "16.18.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "33DB62F6-9D8D-42F8-A75E-82DA091C02BC",
"versionEndIncluding": "18.11.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "7B1F87EE-4E30-4832-BF01-8501E94380EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A OS Command Injection vulnerability exists in Node.js versions \u003c14.21.1, \u003c16.18.1, \u003c18.12.1, \u003c19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo en las versiones de Node.js \u0026lt;14.21.1, \u0026lt;16.18.1, \u0026lt;18.12.1, \u0026lt;19.0.1 debido a una verificaci\u00f3n insuficiente de IsAllowedHost que se puede omitir f\u00e1cilmente porque IsIPAddress no lo hace correctamente. verifique si una direcci\u00f3n IP no es v\u00e1lida antes de realizar solicitudes de DBS que permitan volver a vincular ataques. La soluci\u00f3n para este problema en https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 estaba incompleta y esto El nuevo CVE es para completar la soluci\u00f3n."
}
],
"id": "CVE-2022-43548",
"lastModified": "2025-04-24T14:15:38.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-05T22:15:10.923",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230120-0004/"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230120-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-21 12:29
Modified
2024-11-21 04:11
Severity ?
Summary
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A01678-361E-4F23-B7D6-41B0C145F491",
"versionEndExcluding": "10.9.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
},
{
"lang": "es",
"value": "En todas las versiones de Node.js 10 anteriores a la 10.9.0, un fallo en el procesamiento de argumentos puede provocar que \"Buffer.alloc()\" devuelva memoria no inicializada. Este m\u00e9todo est\u00e1 dise\u00f1ado para ser seguro y solo devuelve la memoria inicializada o borrada. El tercer argumento que especifica \"encoding\" puede ser pasado como un n\u00famero. Esto es malinterpretado por el m\u00e9todo interno \"fill\" del b\u00fafer como el \"comienzo\" de una operaci\u00f3n de llenado (fill). Este defecto puede ser explotado cuando los argumentos \"Buffer.alloc()\" se derivan de la entrada del usuario para devolver bloques de memoria no borrados que pueden contener informaci\u00f3n sensible."
}
],
"id": "CVE-2018-7166",
"lastModified": "2024-11-21T04:11:42.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-21T12:29:00.320",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-226"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-23 20:15
Modified
2025-03-12 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "DA48F3CE-68BC-43F1-9428-A9F928420081",
"versionEndExcluding": "14.21.3",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6E9FAEC6-2D3A-4CBE-859F-11BCECC4F724",
"versionEndExcluding": "16.19.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "33DB62F6-9D8D-42F8-A75E-82DA091C02BC",
"versionEndIncluding": "18.11.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "80500AD0-17C2-4698-AE03-1C6782FD38B0",
"versionEndExcluding": "18.14.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "57BCF42B-D5BC-433A-A4BA-E3014E275FA7",
"versionEndExcluding": "19.2.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service."
}
],
"id": "CVE-2023-23919",
"lastModified": "2025-03-12T15:15:38.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-23T20:15:13.977",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1808596"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20230316-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1808596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230316-0008/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-20 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/04/06/3 | Mailing List, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013 | Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1209781 | Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.f5.com/csp/article/K64462543?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/04/06/3 | Mailing List, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1209781 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K64462543?utm_source=f5support&%3Butm_medium=RSS |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | 0.3.2 | |
| uronode | uro_node | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0652B2-FB2C-48D1-A7D4-2D12D33D7DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:uronode:uro_node:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C861182F-017F-4073-9F1B-A553434E31E5",
"versionEndIncluding": "1.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption)."
},
{
"lang": "es",
"value": "node en su versi\u00f3n 0.3.2 y URONode en versiones anteriores a la 1.0.5r3 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (consumo de ancho de banda)."
}
],
"id": "CVE-2015-2927",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T18:29:00.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"VDB Entry"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209781"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K64462543?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"VDB Entry"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K64462543?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2024-11-21 04:51
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | swiftnio | * | |
| apple | mac_os_x | * | |
| canonical | ubuntu_linux | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| debian | debian_linux | 10.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a las inundaciones de ping, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante env\u00eda pings continuos a un par HTTP / 2, haciendo que el par construya una cola interna de respuestas. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos."
}
],
"id": "CVE-2019-9512",
"lastModified": "2024-11-21T04:51:46.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.287",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 22:15
Modified
2025-04-24 14:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1690000 | Exploit, Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20230113-0002/ | Third Party Advisory | |
| support@hackerone.com | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1690000 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230113-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E47572BB-0E1B-4F93-BCE9-45E03CFD65BD",
"versionEndIncluding": "15.14.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09",
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A",
"versionEndExcluding": "18.9.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material."
},
{
"lang": "es",
"value": "Existe una aleatoriedad d\u00e9bil en la vulnerabilidad keygen de WebCrypto en Node.js 18 debido a un cambio con EntropySource() en SecretKeyGenTraits::DoKeyGen() en src/crypto/crypto_keygen.cc. Hay dos problemas con esto: 1) No verifica el valor de retorno, asume que EntropySource() siempre tiene \u00e9xito, pero puede (y a veces fallar\u00e1). 2) Los datos aleatorios devueltos por EntropySource() pueden no ser criptogr\u00e1ficamente s\u00f3lidos y, por lo tanto, no son adecuados como material de claves."
}
],
"id": "CVE-2022-35255",
"lastModified": "2025-04-24T14:15:32.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-05T22:15:10.513",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1690000"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230113-0002/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1690000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230113-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-01 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14259BF1-3601-4BF1-A591-FC4DE1639C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "681173DF-537E-4A64-8FC7-75F439CCAD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EB07A0-FB38-4F17-9C8D-DB629967F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F7B6BD-821B-4355-8C81-CEA6079B9A85",
"versionEndExcluding": "2.7.13",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65C03FE-52E0-477A-A104-8F2CC0EEE753",
"versionEndExcluding": "3.4.7",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35B35EBF-9EA0-4BB4-B868-600D2BAA9790",
"versionEndExcluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA04185-D9B6-4ED0-9D23-7642BF0228F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006:*:*:*:*:*:*:*",
"matchCriteriaId": "A61A1AF3-CE0F-4744-A11A-57DE1ABC7CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF4953B-BB23-4C80-8C48-9E94EB234AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BACF673F-7ADA-4D70-9BA9-2F5252E3467A",
"versionEndExcluding": "0.10.47",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D1AA1-18BE-4134-883E-97CE3E729CBB",
"versionEndExcluding": "0.12.16",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8B5C9903-298B-4084-A505-E60A00A63558",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "303F780C-C971-4216-86D6-5026AAD56279",
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8291D42E-9E50-414D-9752-D70906D512B2",
"versionEndExcluding": "6.7.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
},
{
"lang": "es",
"value": "Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen una cota de cumplea\u00f1os de aproximadamente cuatro mil millones de bloques, lo que facilita a atacantes remotos obtener datos de texto plano a trav\u00e9s de un ataque de cumplea\u00f1os contra una sesi\u00f3n cifrada de larga duraci\u00f3n, seg\u00fan lo demostrado por una sesi\u00f3n HTTPS usando Triple DES en modo CBC, tambi\u00e9n conocido como un ataque \"Sweet32\"."
}
],
"id": "CVE-2016-2183",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-01T00:59:00.137",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92630"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95568"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036696"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3179-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3194-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3198-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3270-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3372-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://access.redhat.com/articles/2548661"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Nov/21"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K13167034"
},
{
"source": "secalert@redhat.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3179-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3194-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3198-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3270-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3372-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://access.redhat.com/articles/2548661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Nov/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K13167034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-03 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mhart/StringStream/issues/7 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://hackerone.com/reports/321670 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.npmjs.com/advisories/664 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mhart/StringStream/issues/7 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/321670 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/advisories/664 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9072849C-F939-4977-AA06-7852DD90B5A2",
"versionEndExcluding": "0.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x)."
},
{
"lang": "es",
"value": "Las versiones inferiores a 0.0.6 del m\u00f3dulo stringstream de Node.js son vulnerables a una lectura fuera de l\u00edmites debido a la asignaci\u00f3n de b\u00faferes no inicializados cuando un n\u00famero es pasado en el flujo de entrada (cuando se usa Node.js versi\u00f3n 4.x)"
}
],
"id": "CVE-2018-21270",
"lastModified": "2024-11-21T04:03:19.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-03T21:15:11.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mhart/StringStream/issues/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/321670"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mhart/StringStream/issues/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/321670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/664"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "A491B32F-31F0-4151-AE9B-313CBF2C060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF4953B-BB23-4C80-8C48-9E94EB234AAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3261B40-5CBE-4AA6-990A-0A7BE96E5518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AFB9DD-DA50-4F9D-B19D-160CA487D002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
"matchCriteriaId": "87037877-8506-4737-9F47-2CB687975B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*",
"matchCriteriaId": "FD94C478-6F81-4F37-B7F3-61D8682EC593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "531FE660-C1A9-4C83-90BE-E38AA493D4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "080F38F5-0A51-43BC-BC66-98545B31A0F2",
"versionEndExcluding": "0.10.47",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F90AAE35-9B46-4FEA-AF3A-5F28761EAC4D",
"versionEndExcluding": "0.12.16",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "303F780C-C971-4216-86D6-5026AAD56279",
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1",
"versionEndIncluding": "5.12.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8291D42E-9E50-414D-9752-D70906D512B2",
"versionEndExcluding": "6.7.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
},
{
"lang": "es",
"value": "El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_srvr.c."
}
],
"id": "CVE-2016-6306",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-26T19:59:02.910",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93153"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K90492697"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K90492697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-05 05:11
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| chrome | 33.0.1750.0 | ||
| chrome | 33.0.1750.1 | ||
| chrome | 33.0.1750.2 | ||
| chrome | 33.0.1750.3 | ||
| chrome | 33.0.1750.4 | ||
| chrome | 33.0.1750.5 | ||
| chrome | 33.0.1750.6 | ||
| chrome | 33.0.1750.7 | ||
| chrome | 33.0.1750.8 | ||
| chrome | 33.0.1750.9 | ||
| chrome | 33.0.1750.10 | ||
| chrome | 33.0.1750.11 | ||
| chrome | 33.0.1750.12 | ||
| chrome | 33.0.1750.13 | ||
| chrome | 33.0.1750.14 | ||
| chrome | 33.0.1750.15 | ||
| chrome | 33.0.1750.16 | ||
| chrome | 33.0.1750.18 | ||
| chrome | 33.0.1750.19 | ||
| chrome | 33.0.1750.20 | ||
| chrome | 33.0.1750.21 | ||
| chrome | 33.0.1750.22 | ||
| chrome | 33.0.1750.23 | ||
| chrome | 33.0.1750.24 | ||
| chrome | 33.0.1750.25 | ||
| chrome | 33.0.1750.26 | ||
| chrome | 33.0.1750.27 | ||
| chrome | 33.0.1750.28 | ||
| chrome | 33.0.1750.29 | ||
| chrome | 33.0.1750.30 | ||
| chrome | 33.0.1750.31 | ||
| chrome | 33.0.1750.34 | ||
| chrome | 33.0.1750.35 | ||
| chrome | 33.0.1750.36 | ||
| chrome | 33.0.1750.37 | ||
| chrome | 33.0.1750.38 | ||
| chrome | 33.0.1750.39 | ||
| chrome | 33.0.1750.40 | ||
| chrome | 33.0.1750.41 | ||
| chrome | 33.0.1750.42 | ||
| chrome | 33.0.1750.43 | ||
| chrome | 33.0.1750.44 | ||
| chrome | 33.0.1750.45 | ||
| chrome | 33.0.1750.46 | ||
| chrome | 33.0.1750.47 | ||
| chrome | 33.0.1750.48 | ||
| chrome | 33.0.1750.49 | ||
| chrome | 33.0.1750.50 | ||
| chrome | 33.0.1750.51 | ||
| chrome | 33.0.1750.52 | ||
| chrome | 33.0.1750.53 | ||
| chrome | 33.0.1750.54 | ||
| chrome | 33.0.1750.55 | ||
| chrome | 33.0.1750.56 | ||
| chrome | 33.0.1750.57 | ||
| chrome | 33.0.1750.58 | ||
| chrome | 33.0.1750.59 | ||
| chrome | 33.0.1750.60 | ||
| chrome | 33.0.1750.61 | ||
| chrome | 33.0.1750.62 | ||
| chrome | 33.0.1750.63 | ||
| chrome | 33.0.1750.64 | ||
| chrome | 33.0.1750.65 | ||
| chrome | 33.0.1750.66 | ||
| chrome | 33.0.1750.67 | ||
| chrome | 33.0.1750.68 | ||
| chrome | 33.0.1750.69 | ||
| chrome | 33.0.1750.70 | ||
| chrome | 33.0.1750.71 | ||
| chrome | 33.0.1750.73 | ||
| chrome | 33.0.1750.74 | ||
| chrome | 33.0.1750.75 | ||
| chrome | 33.0.1750.76 | ||
| chrome | 33.0.1750.77 | ||
| chrome | 33.0.1750.79 | ||
| chrome | 33.0.1750.80 | ||
| chrome | 33.0.1750.81 | ||
| chrome | 33.0.1750.82 | ||
| chrome | 33.0.1750.83 | ||
| chrome | 33.0.1750.85 | ||
| chrome | 33.0.1750.88 | ||
| chrome | 33.0.1750.89 | ||
| chrome | 33.0.1750.90 | ||
| chrome | 33.0.1750.91 | ||
| chrome | 33.0.1750.92 | ||
| chrome | 33.0.1750.93 | ||
| chrome | 33.0.1750.104 | ||
| chrome | 33.0.1750.106 | ||
| chrome | 33.0.1750.107 | ||
| chrome | 33.0.1750.108 | ||
| chrome | 33.0.1750.109 | ||
| chrome | 33.0.1750.110 | ||
| chrome | 33.0.1750.111 | ||
| chrome | 33.0.1750.112 | ||
| chrome | 33.0.1750.113 | ||
| chrome | 33.0.1750.115 | ||
| chrome | 33.0.1750.116 | ||
| chrome | 33.0.1750.117 | ||
| chrome | 33.0.1750.124 | ||
| chrome | 33.0.1750.125 | ||
| chrome | 33.0.1750.126 | ||
| chrome | 33.0.1750.132 | ||
| chrome | 33.0.1750.133 | ||
| chrome | 33.0.1750.135 | ||
| chrome | 33.0.1750.136 | ||
| v8 | * | ||
| v8 | 3.24.0 | ||
| v8 | 3.24.1 | ||
| v8 | 3.24.2 | ||
| v8 | 3.24.3 | ||
| v8 | 3.24.4 | ||
| v8 | 3.24.5 | ||
| v8 | 3.24.6 | ||
| v8 | 3.24.7 | ||
| v8 | 3.24.8 | ||
| v8 | 3.24.9 | ||
| v8 | 3.24.10 | ||
| v8 | 3.24.11 | ||
| v8 | 3.24.12 | ||
| v8 | 3.24.13 | ||
| v8 | 3.24.14 | ||
| v8 | 3.24.15 | ||
| v8 | 3.24.16 | ||
| v8 | 3.24.17 | ||
| v8 | 3.24.18 | ||
| v8 | 3.24.19 | ||
| v8 | 3.24.20 | ||
| v8 | 3.24.21 | ||
| v8 | 3.24.22 | ||
| v8 | 3.24.23 | ||
| v8 | 3.24.24 | ||
| v8 | 3.24.25 | ||
| v8 | 3.24.26 | ||
| v8 | 3.24.27 | ||
| v8 | 3.24.28 | ||
| v8 | 3.24.29 | ||
| v8 | 3.24.30 | ||
| v8 | 3.24.31 | ||
| v8 | 3.24.32 | ||
| v8 | 3.24.33 | ||
| v8 | 3.24.34 | ||
| nodejs | node.js | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEB321-9295-4743-A24E-A7521F07E717",
"versionEndIncluding": "33.0.1750.144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B702C2-083D-46B9-9B31-1D974FBE4190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D4C6EAD-1414-4E1A-8535-31D7DE1B1A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C5F36A-63B5-4DCB-93FC-BEFB31E12689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F425088C-CC28-41AC-9F14-4A4F6E63B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF9A555-391F-4F39-A9B2-5C864015256B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA76734E-6604-4CDD-9141-BF0BBE05F736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A513C8B2-4026-40BF-8770-6AB4550C2352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*",
"matchCriteriaId": "152F7E36-2716-43F4-B251-7195A3206952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*",
"matchCriteriaId": "157463C3-CB07-41BA-8527-C047E88013A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B5240466-55A1-4767-9BD1-122411EF8C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2E4B17-5832-4B49-9CA8-3F92B7AFAE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01488955-E181-448B-BD5A-946A66D5493E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCBFC3C-63F7-4B9B-8D94-7334FB7F0EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C77B47-BD9F-40A9-8482-AA20CA0FA823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD2BF1C-CFF1-4310-B0B4-A26BFA68868A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F327FEE-5500-4AA3-BEC6-0F625305F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8CE5AB-7722-4C50-AC11-948C117984C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1248F8-FF76-4186-89F3-CBE5696E5347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*",
"matchCriteriaId": "F1EEE80E-73EB-4C22-AE9E-045664FBBE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D2CA2D67-43C1-4438-9C12-452DCC090A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAA310F-8E93-4FC2-8B79-C09F18B25BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96FAA317-56CC-42A1-9102-E2BEA4421D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*",
"matchCriteriaId": "30AC9E40-5362-4A3A-8EC3-5D99A24FAD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C25460-6472-4DE3-BD7A-E47AC0ECB56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*",
"matchCriteriaId": "95E2C59C-7399-4347-BC5D-3345A2940E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*",
"matchCriteriaId": "9C933326-6E6D-4DE6-9F95-42403901FF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6C47B0-BDAC-4C53-B1A7-E580CE7B8F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*",
"matchCriteriaId": "0D60B297-F755-4FFD-B7C3-E01A164DC0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A8E793-A73E-4255-99E9-4D0BC6E4C0F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2B20DC1B-B8DD-4B52-BA2E-89BC5E993C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*",
"matchCriteriaId": "618FD568-E766-4A36-84B3-D07E92B69ACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2AF349-B386-4DA3-8FFB-5ABC92D13FC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*",
"matchCriteriaId": "A0825DC0-2D08-4552-AA24-D823694DCEB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9086DA40-25B8-409C-8DC5-C501E8F79F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBD8A08-F330-42C9-9F48-03D1AFD7A10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1117D4-35D8-498C-A2FB-CF28E3CDB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF13799-F69A-4354-BC3D-737A5F36E3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*",
"matchCriteriaId": "79D398C2-9EED-480C-B32B-705755CEB59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*",
"matchCriteriaId": "62405FD2-8482-438B-9C4A-7CDAD2574E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD718C6-4FEA-487F-9E8C-4AB3A1838302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*",
"matchCriteriaId": "6445AD42-E14C-4E85-9A42-FD29F5BC30AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*",
"matchCriteriaId": "9E12FC87-01D1-464D-A311-CC4BB07712F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*",
"matchCriteriaId": "C4146B78-C168-4567-B6F8-926B337FBF25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4EF23-D134-41F1-9649-4D41CB61E5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*",
"matchCriteriaId": "A37F46D1-AFBD-4C99-8754-9A7425AD930B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*",
"matchCriteriaId": "48F5D234-E5A0-4597-8DE1-9444E654B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*",
"matchCriteriaId": "400E408D-80C3-4F5F-90A1-D021737CC56A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9E3A9F-21D3-425B-8579-00760123F3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*",
"matchCriteriaId": "004F59DD-8048-43BC-8825-4D16AA3C2A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*",
"matchCriteriaId": "899F83C8-9E62-4F24-B700-6E8923E3CC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3A7F9-CB39-465F-BDE6-BDA45BFA2C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB08D2F-D16B-4EA0-8E93-B2CB029EC615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8AF8A1-D6C1-41C4-8700-0DE6AE36F580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*",
"matchCriteriaId": "01417CE6-D5BD-4F21-ACD7-4E043F185CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*",
"matchCriteriaId": "740E7BA5-DB23-4446-AA77-A5D89C1D0D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2FD596-144B-487A-B4D7-757B8C314250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*",
"matchCriteriaId": "4E86041C-5CB9-40A8-916E-45B55A555995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C92F9C20-B758-4B96-A828-6DE47E8A829C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*",
"matchCriteriaId": "89EBAC78-C8F5-4B92-9E59-725E32A5421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*",
"matchCriteriaId": "358FFC27-5E22-4CA1-82E7-9D4FA629FE88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*",
"matchCriteriaId": "910E8BF3-3C9E-41E0-81D1-597FE30C7315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*",
"matchCriteriaId": "D677EA9A-6660-4F50-A2B1-3E2F391920F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B138-D297-4D13-86A5-35F906447E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*",
"matchCriteriaId": "1E46BE1B-F522-43F6-9333-702EFF2713D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*",
"matchCriteriaId": "B8666DC3-7638-4130-9F95-4408DD5F660A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*",
"matchCriteriaId": "E680816E-9641-4E14-8775-35458534E1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA742A-50C4-46A9-AAE7-29A642F637A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*",
"matchCriteriaId": "CC75D010-BC64-440E-A426-DA0117CE6407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*",
"matchCriteriaId": "03784488-72E5-4E32-B507-89571DE61697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*",
"matchCriteriaId": "4C33E433-14E7-469D-B02F-A3D7DB8C77C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*",
"matchCriteriaId": "239D5A00-B33C-4AA1-96F1-AF960928394C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*",
"matchCriteriaId": "D60D8B55-EECB-48D3-BE09-B1964A0D3170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*",
"matchCriteriaId": "4C75D512-48AF-4D74-8644-7EF100D96F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*",
"matchCriteriaId": "66E3400D-8A75-45E9-AFDC-366AC0C86323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*",
"matchCriteriaId": "BF597FC6-FF2F-44C5-9C9C-9E0C4437C66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B32192-D874-41C8-B1B9-5C99B12D93B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*",
"matchCriteriaId": "57019F85-3B0C-40C5-AEFF-ECE1FFB87DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*",
"matchCriteriaId": "B83518FA-7E1C-41A1-BFB1-90CC1955339B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*",
"matchCriteriaId": "342112D8-CAEF-42FF-8A1D-71391CBD7FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*",
"matchCriteriaId": "8B07E8DC-420B-4A8C-B19B-135AEF38B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*",
"matchCriteriaId": "8840A482-3305-43DE-812A-72CE1124C718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*",
"matchCriteriaId": "CC532185-B2B9-46C3-9626-FB8C67C8DFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC0ED28-201A-4E21-8864-AC85F3E53F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*",
"matchCriteriaId": "61260ECB-4DA8-4313-9077-6F87592EC45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03ADCE-5009-4364-9308-18956EE2172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9BB86D-B853-4FB6-8CE9-7D30E04E47C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEF2AC-83CE-40AD-820E-CAA669A848F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*",
"matchCriteriaId": "8479F4C0-1097-4BBB-855E-FBDFD3065482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*",
"matchCriteriaId": "82A5CAA6-89B4-4C53-BDCC-FA0248262836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF184C5-9AA7-4C6A-B9E1-208297A21A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*",
"matchCriteriaId": "E95FF3AE-1EEC-471F-8927-6C12FA766EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*",
"matchCriteriaId": "5A154FBB-A21F-4496-BB35-18845095A657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*",
"matchCriteriaId": "4256B074-FC64-481E-9AA6-19D0A3E469FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4CB1AD-C8D7-41EE-BC3A-E66C325F2F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3B7E15-A59D-4C01-89EB-13F4639A4BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3A573C2D-81F8-4D2E-8605-F3727FA7C121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7B0968-7187-480D-AC6D-82E55F4A7579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*",
"matchCriteriaId": "46206063-DE0B-4FEC-BEE4-015D548B18D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2057E6-EA25-4EA6-A825-8530F51F6B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*",
"matchCriteriaId": "D115D222-0920-4068-A69E-B6039EECD3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*",
"matchCriteriaId": "51692796-586F-48F8-93F2-9588EC5A7880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FF10-A864-4C78-BF43-A80A0AF587D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB0F12D-88BB-4FF3-8E0A-6E6CD5069C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*",
"matchCriteriaId": "5242BD85-6950-427B-B6C6-EBF17D65EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*",
"matchCriteriaId": "5513404A-2257-4C46-AE2A-B7EB57243BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5958A347-83C2-459F-800A-F4F99BD51C29",
"versionEndIncluding": "3.24.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC3C85C-B7EB-4778-8427-57B6E74548F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55FF4C1B-570F-4E10-B247-9E696F5C9A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "890214C7-65FD-4741-9FA9-DFEEBE815ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD29B493-156E-40EB-A139-22273FC03494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D311A38E-9682-41AD-B8DA-B0FEA3FD6B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F730F35-E59A-40DC-B384-5CD8131E5394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79E6B143-17FE-4709-B37F-3F3F8C90F2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.7:*:*:*:*:*:*:*",
"matchCriteriaId": "747B3F44-61DD-4E59-AB04-644D0DBA22B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.8:*:*:*:*:*:*:*",
"matchCriteriaId": "27386950-9F64-483A-98D9-73C2B2E36E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.9:*:*:*:*:*:*:*",
"matchCriteriaId": "03D30427-F440-4913-AA5C-D25E5546BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "13EA11A8-2CA0-47F1-8B3A-17E4DD2C5872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B32618-C516-49A4-A207-6AA265DA9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF5F9B6-87F6-4EE7-99A2-5109FABCDD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.13:*:*:*:*:*:*:*",
"matchCriteriaId": "98032A71-91CD-4B04-8A85-46143A446013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEC7292-992F-4B86-B51F-7FAC51F60A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D68568D0-2B36-4F03-85ED-518B08D91F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.16:*:*:*:*:*:*:*",
"matchCriteriaId": "312B6E8A-7204-480D-A62F-3A0F5A3EE624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.17:*:*:*:*:*:*:*",
"matchCriteriaId": "31610339-EC04-4721-AC82-C004C34B0C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9A420C-4F51-4695-9D0B-F755A35D3A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B360F5E7-D59D-459B-A9E8-84F51793D3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5B5A86-F82A-4B3D-B944-4E64CDB9E877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.21:*:*:*:*:*:*:*",
"matchCriteriaId": "225B4456-9CF6-4519-9C15-1ABE2D52C6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1E417E-DA11-4333-BDB0-C1C6EE9F2851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BD92CD47-D942-44C0-8E71-D307AA05C207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.24:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEBADE4-DD37-447B-8450-10BC57F85875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.25:*:*:*:*:*:*:*",
"matchCriteriaId": "610627E6-C828-482B-809D-CE86788A5EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.26:*:*:*:*:*:*:*",
"matchCriteriaId": "39AFEF41-7AC1-46D0-9AB1-E1C7DFCAD492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.27:*:*:*:*:*:*:*",
"matchCriteriaId": "78DD2CDC-8B85-4DC7-A85D-CC85B65B264E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C8963550-CA67-404A-853B-86A0D6C34FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.29:*:*:*:*:*:*:*",
"matchCriteriaId": "803F421D-D17E-4E49-BD6E-00D40EDE3B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.30:*:*:*:*:*:*:*",
"matchCriteriaId": "76FAAD85-F326-4AC3-8F2D-DB64F610B502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.31:*:*:*:*:*:*:*",
"matchCriteriaId": "898DF7D1-AD9C-414A-A810-F0C2C2CF3F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.32:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4A53AD-04F1-4D8E-9B93-270F0A9A9E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.33:*:*:*:*:*:*:*",
"matchCriteriaId": "702FE7B3-A2EF-4409-8130-5EDC6A6BD3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:v8:3.24.34:*:*:*:*:*:*:*",
"matchCriteriaId": "FF36D004-5ED4-47CC-83F4-6FD708EC3B8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13EB0A95-92AB-432D-A7AE-7670A5117B95",
"versionEndExcluding": "0.10.31",
"versionStartIncluding": "0.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Google V8 anterior a 3.24.35.10, utilizado en Google Chrome anterior a 33.0.1750.146, permiten a atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-6668",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-05T05:11:22.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0516.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61184"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2883"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65930"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=343964"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=344186"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=347909"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://code.google.com/p/v8/source/detail?r=19475"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://code.google.com/p/v8/source/detail?r=19553"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://code.google.com/p/v8/source/detail?r=19599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0516.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=343964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=344186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=347909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://code.google.com/p/v8/source/detail?r=19475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://code.google.com/p/v8/source/detail?r=19553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://code.google.com/p/v8/source/detail?r=19599"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 22:15
Modified
2025-04-24 14:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1675191 | Exploit, Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1675191 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1D907C43-56F3-4FB8-8F20-C90C65EE5A08",
"versionEndExcluding": "14.20.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09",
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A",
"versionEndExcluding": "18.9.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1D7F3488-19BB-4E97-AC9F-23F847F53774",
"versionEndExcluding": "6.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling."
},
{
"lang": "es",
"value": "El analizador llhttp en el m\u00f3dulo http en Node v18.7.0 no maneja correctamente los campos de encabezado que no terminan con CLRF. Esto puede resultar en tr\u00e1fico ilegal de solicitudes HTTP."
}
],
"id": "CVE-2022-35256",
"lastModified": "2025-04-24T14:15:32.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-05T22:15:10.570",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1675191"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1675191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-10 14:15
Modified
2025-04-12 01:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
Impacted products
{
"cisaActionDue": "2023-10-31",
"cisaExploitAdd": "2023-10-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5200E35-222B-42E0-83E0-5B702684D992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BDC297-F023-4E87-8518-B84CCF9DD6A8",
"versionEndExcluding": "1.57.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D12D5257-7ED2-400F-9EF7-40E0D3650C2B",
"versionEndExcluding": "4.1.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1B058776-B5B7-4079-B0AF-23F40926DCEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D565975-EFD9-467C-B6E3-1866A4EF17A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D487271-1B5E-4F16-B0CB-A7B8908935C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A6F189-6C43-462D-85C9-B0EBDA8A4683",
"versionEndExcluding": "9.4.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C993C920-85C0-4181-A95E-5D965A670738",
"versionEndExcluding": "10.0.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E79A8E-E12C-498F-AF4F-1AAA7135661E",
"versionEndExcluding": "11.0.17",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F138D800-9A3B-4C76-8A3C-4793083A1517",
"versionEndExcluding": "12.0.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6341DDDA-AD27-4087-9D59-0A212F0037B4",
"versionEndExcluding": "2.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328120E4-C031-44B4-9BE5-03B0CDAA066F",
"versionEndExcluding": "1.20.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A",
"versionEndExcluding": "1.21.3",
"versionStartIncluding": "1.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
"matchCriteriaId": "D7D2F801-6F65-4705-BCB9-D057EA54A707",
"versionEndExcluding": "0.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
"matchCriteriaId": "801F25DA-F38C-4452-8E90-235A3B1A5FF0",
"versionEndExcluding": "0.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67DB21AE-DF53-442D-B492-C4ED9A20B105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC1D037-74D2-4F92-89AD-C90F6CBF440B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B235A78-649B-46C5-B24B-AB485A884654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D357E-4B40-42EC-9AAA-2B6CEF78C401",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "969C4F14-F6D6-46D6-B348-FC1463877680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41AD5040-1250-45F5-AB63-63F333D49BCC",
"versionEndIncluding": "1.8.2",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C446827A-1F71-4FAD-9422-580642D26AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1B2000-C3FE-4B4C-885A-A5076EB164E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB23AE6-245E-43D6-B832-933F8259F937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1188B4A9-2684-413C-83D1-E91C75AE0FCF",
"versionEndIncluding": "1.25.2",
"versionStartIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3337609D-5291-4A52-BC6A-6A8D4E60EB20",
"versionEndIncluding": "2.4.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527",
"versionEndIncluding": "3.3.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F291CB34-47A4-425A-A200-087CC295AEC8",
"versionEndExcluding": "r29",
"versionStartIncluding": "r25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
"matchCriteriaId": "5892B558-EC3A-43FF-A1D5-B2D9F70796F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
"matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B",
"versionEndIncluding": "8.5.93",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34",
"versionEndIncluding": "9.0.80",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0765CC3D-AB1A-4147-8900-EF4C105321F2",
"versionEndIncluding": "10.1.13",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
"matchCriteriaId": "08190072-3880-4EF5-B642-BA053090D95B",
"versionEndExcluding": "1.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"matchCriteriaId": "5F4CDEA9-CB47-4881-B096-DA896E2364F3",
"versionEndExcluding": "1.56.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
"matchCriteriaId": "E65AF7BC-7DAE-408A-8485-FBED22815F75",
"versionEndIncluding": "1.59.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"matchCriteriaId": "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC",
"versionEndExcluding": "1.58.3",
"versionStartIncluding": "1.58.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
"matchCriteriaId": "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD",
"versionEndExcluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF7ECF6-178D-433C-AA21-BAE9EF248F37",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3418F4-B8BF-4666-BB39-C188AB01F45C",
"versionEndExcluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314",
"versionEndExcluding": "2023-10-08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8F269-E07E-402F-BFD5-60F3988A5EAF",
"versionEndExcluding": "17.2.20",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8",
"versionEndExcluding": "17.4.12",
"versionStartIncluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5834D4-F52F-41C0-AA11-C974FFEEA063",
"versionEndExcluding": "17.6.8",
"versionStartIncluding": "17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2166106F-ACD6-4C7B-B0CC-977B83CC5F73",
"versionEndExcluding": "17.7.5",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F",
"versionEndExcluding": "10.0.14393.6351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1",
"versionEndExcluding": "10.0.14393.6351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3",
"versionEndExcluding": "10.0.17763.4974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F9A643-90C6-489C-98A0-D2739CE72F86",
"versionEndExcluding": "10.0.19044.3570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC",
"versionEndExcluding": "10.0.19045.3570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63",
"versionEndExcluding": "10.0.22000.2538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B",
"versionEndExcluding": "10.0.22621.2428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "C61F0294-5C7E-4DB2-8905-B85D0782F35F",
"versionEndExcluding": "18.18.2",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388",
"versionEndExcluding": "20.8.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25279EF-C406-4133-99ED-0492703E0A4E",
"versionEndExcluding": "2023-10-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5",
"versionEndExcluding": "2023-10-10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C",
"versionEndExcluding": "2023.10.16.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEB508E-0EBD-4450-9074-983DDF568AB4",
"versionEndExcluding": "3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A1A748-6C71-4191-8A16-A93E94E2CDE4",
"versionEndExcluding": "8.1.9",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A",
"versionEndExcluding": "9.2.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F70360D-6214-46BA-AF82-6AB01E13E4E9",
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF",
"versionEndExcluding": "1.17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8E760-C8D2-483A-BBD4-6A6D292A3874",
"versionEndExcluding": "1.18.3",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7",
"versionEndExcluding": "1.19.1",
"versionStartIncluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
"matchCriteriaId": "050AE218-3871-44D6-94DA-12D84C2093CB",
"versionEndExcluding": "2023-10-10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B36BFFB0-C0EC-4926-A1DB-0B711C846A68",
"versionEndExcluding": "2.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "376EAF9B-E994-4268-9704-0A45EA30270F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F3D08335-C291-4623-B80C-3B14C4D1FA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "FC4C66B1-42C0-495D-AE63-2889DE0BED84",
"versionEndExcluding": "2023-10-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "8633E263-F066-4DD8-A734-90207207A873",
"versionEndIncluding": "2.12.5",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "27ED3533-A795-422F-B923-68BE071DC00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "45F7E352-3208-4188-A5B1-906E00DF9896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "DF89A8AD-66FE-439A-B732-CAAB304D765B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A400C637-AF18-4BEE-B57C-145261B65DEC",
"versionEndExcluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653A5B08-0D02-4362-A8B1-D00B24C6C6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C504B6-3902-46E2-82B7-48AEC9CDD48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D54F5AE-61EC-4434-9D5F-9394A3979894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A7736-A403-4617-8790-18E46CB74DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33F13B03-69BF-4A8B-A0A0-7F47FD857461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9393119E-F018-463F-9548-60436F104195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E567CD9F-5A43-4D25-B911-B5D0440698F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4D6790-63E5-4043-B8BE-B489D649061D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78698F40-0777-4990-822D-02E1B5D0E2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
"matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
"matchCriteriaId": "585BC540-073B-425B-B664-5EA4C00AFED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF93A27E-AA2B-4C2E-9B8D-FE7267847326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B12A3A8-6456-481A-A0C9-524543FCC149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E22EBF9-AA0D-4712-9D69-DD97679CE835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
"matchCriteriaId": "941B114C-FBD7-42FF-B1D8-4EA30E99102C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "339CFB34-A795-49F9-BF6D-A00F3A1A4F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D044DBE-6F5A-4C53-828E-7B1A570CACFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
"matchCriteriaId": "65203CA1-5225-4E55-A187-6454C091F532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA9B2E2-958B-478D-87D6-E5CDDCD44315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF390236-3259-4C8F-891C-62ACC4386CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AAA300-691A-4957-8B69-F6888CC971B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45937289-2D64-47CB-A750-5B4F0D4664A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B129311C-EB4B-4041-B85C-44D5E53FCAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C877879-B84B-471C-80CF-0656521CA8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F564701-EDC1-43CF-BB9F-287D6992C6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A903C3AD-2D25-45B5-BF4A-A5BEB2286627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2792650-851F-4820-B003-06A4BEA092D7",
"versionEndExcluding": "10.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E6FF5F80-A991-43D4-B49F-D843E2BC5798",
"versionEndIncluding": "2.414.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"matchCriteriaId": "54D25DA9-12D0-4F14-83E6-C69D0293AAB9",
"versionEndIncluding": "2.427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AFFB9-C717-4727-B0C9-5A0C281710E2",
"versionEndExcluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25C85001-E0AB-4B01-8EE7-1D9C77CD956E",
"versionEndExcluding": "1.21.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F98F9D27-6659-413F-8F29-4FDB0882AAC5",
"versionEndExcluding": "11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C98BF315-C563-47C2-BAD1-63347A3D1008",
"versionEndExcluding": "4.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705CBA49-21C9-4400-B7B9-71CDF9F97D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2BE0F1-DD16-4876-8EBA-F187BD38B159",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "796B6C58-2140-4105-A2A1-69865A194A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA99DC6-EA03-469F-A8BE-7F96FDF0B333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6560DBF4-AFE6-4672-95DE-74A0B8F4170A",
"versionEndExcluding": "x14.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84785919-796D-41E5-B652-6B5765C81D4A",
"versionEndExcluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E",
"versionEndExcluding": "4.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD",
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE2F959-1084-48D1-B1F1-8182FC9862DD",
"versionEndExcluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F",
"versionEndExcluding": "3.10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB6B48E-EA36-40A0-96D0-AF909BEC1147",
"versionEndExcluding": "11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBED844-7F94-498C-836D-8593381A9657",
"versionEndExcluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510",
"versionEndExcluding": "2.19.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "358FA1DC-63D3-49F6-AC07-9E277DD0D9DA",
"versionEndExcluding": "x14.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF2D182-7599-4B81-B56B-F44EDA1384C0",
"versionEndExcluding": "2024.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4868BCCA-24DE-4F24-A8AF-B3A545C0396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A",
"versionEndExcluding": "2024.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC75F99-C7F0-47EB-9032-C9D3A42EBA20",
"versionEndExcluding": "2024.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6638F4E-16F7-447D-B755-52640BCB1C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC34F742-530E-4AB4-8AFC-D1E088E256B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E22AD683-345B-4E16-BB9E-E9B1783E09AD",
"versionEndExcluding": "12.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2955BEE9-F567-4006-B96D-92E10FF84DB4",
"versionEndExcluding": "1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67502878-DB20-4410-ABA0-A1C5705064CD",
"versionEndExcluding": "17.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177DED2D-8089-4494-BDD9-7F84FC06CD5B",
"versionEndExcluding": "7.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54A29FD3-4128-4333-8445-A7DD04A6ECF6",
"versionEndExcluding": "15.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67074526-9933-46B3-9FE3-A0BE73C5E8A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
"versionEndExcluding": "10.2\\(7\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
"versionEndExcluding": "10.3\\(5\\)",
"versionStartIncluding": "10.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09AC2BAD-F536-48D0-A2F0-D4E290519EB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FF2EC4-0C09-4C00-9956-A2A4A894F63D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D14D4B4E-120E-4607-A4F1-447C7BF3052E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15702ACB-29F3-412D-8805-E107E0729E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29B34855-D8D2-4114-80D2-A4D159C62458",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DBBFE9-835C-4411-8492-6006E74BAC65",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C97C29EE-9426-4BBE-8D84-AB5FF748703D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E142C18F-9FB5-4D96-866A-141D7D16CAF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7817F4E6-B2DA-4F06-95A4-AF329F594C02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFC116A-627F-4E05-B631-651D161217C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A532C0-B0E3-484A-B356-88970E7D0248",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C84D24C-2256-42AF-898A-221EBE9FE1E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43913A0E-50D5-47DD-94D8-DD3391633619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA52D5C1-13D8-4D23-B022-954CCEF491F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E505C0B1-2119-4C6A-BF96-C282C633D169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "915EF8F6-6039-4DD0-B875-30D911752B74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97217080-455C-48E4-8CE1-6D5B9485864F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
"versionEndExcluding": "10.2\\(7\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
"versionEndExcluding": "10.3\\(5\\)",
"versionStartIncluding": "10.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532CE4B0-A3C9-4613-AAAF-727817D06FB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24CA1A59-2681-4507-AC74-53BD481099B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB9FDE8-8533-4F65-BF32-4066D042B2F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA5389A-8AD1-476E-983A-54DF573C30F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B1A8F1-45B1-4E64-A254-7191FA93CB6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2FFD26-8255-4351-8594-29D2AEFC06EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E10975-B47E-4F4D-8096-AEC7B7733612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40E40F42-632A-47DF-BE33-DC25B826310B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C64136-89C2-443C-AF7B-BED81D3DE25A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF7F26-BB47-44BD-872E-130820557C23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "182000E0-8204-4D8B-B7DE-B191AFE12E28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC208BC-7E19-48C6-A20E-A79A51B7362C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "102F91CD-DFB6-43D4-AE5B-DA157A696230",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "084D0191-563B-4FF0-B589-F35DA118E1C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DB6FC5-762A-4F16-AE8C-69330EFCF640",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5394DE31-3863-4CA9-B7B1-E5227183100D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "968390BC-B430-4903-B614-13104BFAE635",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFAD21E-59EE-4CCE-8F1E-621D2EA50905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02C3CE6D-BD54-48B1-A188-8E53DA001424",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498991F7-39D6-428C-8C7D-DD8DC72A0346",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B90D36-5124-4669-8462-4EAF35B0F53D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1127D2-12C0-454F-91EF-5EE334070D06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6EB963-E0F2-4A02-8765-AB2064BE19E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAF99B-5406-4722-81FB-A91CBAC2DF41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF467E2-4567-426E-8F48-39669E0F514C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D6DB7F-C025-4971-9615-73393ED61078",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "737C724A-B6CD-4FF7-96E0-EBBF645D660E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7067AEC7-DFC8-4437-9338-C5165D9A8F36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D4CF15-B293-4403-A1A9-96AD3933BAEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBCC1515-2DBE-4DF2-8E83-29A869170F36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7282AAFF-ED18-4992-AC12-D953C35EC328",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "360409CC-4172-4878-A76B-EA1C1F8C7A79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5D5E2-B40B-475D-9EF3-8441016E37E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73F59A4B-AE92-4533-8EDC-D1DD850309FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492A2C86-DD38-466B-9965-77629A73814F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB7AA46-4018-4925-963E-719E1037F759",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB270C45-756E-400A-979F-D07D750C881A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A085C-2DBA-4269-AB01-B16019FBB4DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79DD582-AF68-44F1-B640-766B46EF2BE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04484DA-AA59-4833-916E-6A8C96D34F0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D07B5399-44C7-468D-9D57-BB5B5E26CE50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B76FB64F-16F0-4B0B-B304-B46258D434BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E128053-834B-4DD5-A517-D14B4FC2B56F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "163743A1-09E7-4EC5-8ECA-79E4B9CE173B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE340E4C-DC48-4FC8-921B-EE304DB5AE0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C367BBE0-D71F-4CB5-B50E-72B033E73FE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85E1D224-4751-4233-A127-A041068C804A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31B075-01B1-429E-83F4-B999356A0EB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3284D16F-3275-4F8D-8AE4-D413DE19C4FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
},
{
"lang": "es",
"value": "El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023."
}
],
"id": "CVE-2023-44487",
"lastModified": "2025-04-12T01:00:01.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-10T14:15:10.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Press/Media Coverage"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Press/Media Coverage"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-17 14:29
Modified
2024-11-21 04:11
Severity ?
Summary
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6855CC9-21A0-4C1B-8C27-A15FA0D7244F",
"versionEndExcluding": "6.14.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620",
"versionEndExcluding": "8.11.0",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8FC117F5-0B41-49F5-83DF-B830DEE95404",
"versionEndExcluding": "9.10.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."
},
{
"lang": "es",
"value": "El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podr\u00eda explotarse para ejecutar c\u00f3digo de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podr\u00eda emplear un ataque de reenlace DNS para enga\u00f1ar al navegador web para que omita las comprobaciones de pol\u00edtica del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuraci\u00f3n activo se est\u00e1 ejecutando en el host local o en un host en la red local, el sitio web malicioso podr\u00eda conectarse a \u00e9l como depurador y obtener acceso total de ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2018-7160",
"lastModified": "2024-11-21T04:11:42.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-17T14:29:00.827",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-350"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-06 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6938258D-CD7F-4D26-8AEC-166F699112B7",
"versionEndExcluding": "0.10.41",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C420E9F-C071-4B7A-A79D-E8C6A699CE01",
"versionEndExcluding": "0.12.9",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "70003343-C6CD-4254-B0FA-934B28278AE5",
"versionEndExcluding": "4.2.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A5B479-9CF7-4DB3-A10E-C093726476E1",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter."
},
{
"lang": "es",
"value": "crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una firma RSA PSS ASN.1 que carece de un par\u00e1metro de funci\u00f3n de generaci\u00f3n de m\u00e1scara."
}
],
"id": "CVE-2015-3194",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-06T20:59:04.707",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://openssl.org/news/secadv/20151203.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3413"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/78623"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034294"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2830-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://openssl.org/news/secadv/20151203.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/78623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2830-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF148A3-1AA7-4F27-85AB-414C609C626F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "303F780C-C971-4216-86D6-5026AAD56279",
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8291D42E-9E50-414D-9752-D70906D512B2",
"versionEndExcluding": "6.7.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation."
},
{
"lang": "es",
"value": "crypto/x509/x509_vfy.c en OpenSSL 1.0.2i permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de aplicaci\u00f3n) desencadenando una operaci\u00f3n CRL."
}
],
"id": "CVE-2016-7052",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-26T19:59:07.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93171"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"source": "cve@mitre.org",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160926.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160926.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-04 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2h | |
| openssl | openssl | 1.0.2i | |
| openssl | openssl | 1.1.0a | |
| openssl | openssl | 1.1.0b | |
| openssl | openssl | 1.1.0c | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF148A3-1AA7-4F27-85AB-414C609C626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E07A34-08A0-4765-AF81-46A3BDC5648A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "934083EB-2961-49FF-B8D7-B870D1FA3CB8",
"versionEndExcluding": "4.7.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1",
"versionEndIncluding": "5.12.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "14346EBC-1890-472B-B236-06FE381229EC",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2EE58CC5-2E12-4DA9-8AF2-9739CE393008",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
},
{
"lang": "es",
"value": "Hay un error de propagaci\u00f3n de d\u00edgito (carry propagation) en el procedimiento de elevaci\u00f3n al cuadrado de Montgomery x86_64 en OpenSSL versiones 1.0.2 anteriores a la 1.0.2k y versiones 1.1.0 anteriores a la 1.1.0d. Ning\u00fan algoritmo de curva el\u00edptica (EC) se ve afectado. El an\u00e1lisis sugiere que los ataques contra RSA y DSA que se realizan como resultado de este defecto ser\u00edan muy dif\u00edciles de realizar y no muy probables. Los ataques contra DH se consideran factibles (aunque muy dif\u00edciles) ya que la mayor\u00eda del trabajo necesario para deducir informaci\u00f3n sobre una clave privada se puede realizar sin conexi\u00f3n La cantidad de recursos requeridos para este tipo de ataque ser\u00eda muy significativa y, probablemente, solo estar\u00eda accesible para un n\u00famero limitado de atacantes. Un atacante podr\u00eda necesitar, adem\u00e1s, acceso a un sistema sin parches que utilice la clave privada del objetivo en un escenario con par\u00e1metros DH persistentes y una clave privada que se comparte entre m\u00faltiples clientes. Por ejemplo, esto puede ocurrir por defecto en las suites de cifrado SSL/TLS basadas en DHE de OpenSSL. Nota: Este problema es muy similar a CVE-2015-3193, pero debe tratarse como un problema separado."
}
],
"id": "CVE-2017-3732",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-04T19:29:00.400",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95814"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037717"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2575"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2713"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-13 16:29
Modified
2024-11-21 04:11
Severity ?
Summary
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | http://www.securityfocus.com/bid/104468 | Third Party Advisory, VDB Entry | |
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ | Vendor Advisory | |
| cve-request@iojs.org | https://security.gentoo.org/glsa/202003-48 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104468 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-48 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8C9ECBEB-3A20-44AC-86B9-D4051BC64656",
"versionEndExcluding": "9.11.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6F40337E-4705-46D3-9731-A3B3A9303A74",
"versionEndExcluding": "10.4.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation."
},
{
"lang": "es",
"value": "Todas las versiones 9.x y 10.x de Node.js son vulnerables y la gravedad es ALTA. Un atacante podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) haciendo que un proceso node que proporcione un servidor http de soporte de un servidor TLS se cierre inesperadamente. Esto puede lograrse mediante el env\u00edo de mensajes duplicados/inesperados durante el handshake. Esto ha sido abordado actualizando la implementaci\u00f3n TLS."
}
],
"id": "CVE-2018-7162",
"lastModified": "2024-11-21T04:11:42.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-13T16:29:01.780",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104468"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-23 20:15
Modified
2025-03-12 18:15
Severity ?
Summary
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "DA48F3CE-68BC-43F1-9428-A9F928420081",
"versionEndExcluding": "14.21.3",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6E9FAEC6-2D3A-4CBE-859F-11BCECC4F724",
"versionEndExcluding": "16.19.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "33DB62F6-9D8D-42F8-A75E-82DA091C02BC",
"versionEndIncluding": "18.11.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "80500AD0-17C2-4698-AE03-1C6782FD38B0",
"versionEndExcluding": "18.14.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8F4FCD16-4B9F-44B9-80DD-D024759CAB10",
"versionEndExcluding": "19.6.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy."
}
],
"id": "CVE-2023-23918",
"lastModified": "2025-03-12T18:15:24.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-23T20:15:13.920",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20230316-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230316-0008/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 19:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | nextgen_api | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - | |
| oracle | graalvm | 20.3.3 | |
| oracle | graalvm | 21.2.0 | |
| oracle | mysql_cluster | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| siemens | sinec_infrastructure_network_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
"versionEndIncluding": "12.12.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BE107DA6-ABDC-4FDD-B37D-1E6BFBBA18BD",
"versionEndExcluding": "12.22.5",
"versionStartIncluding": "12.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BB2960EF-D182-4E4F-9449-470B629D90E3",
"versionEndExcluding": "14.17.5",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "59F5CA28-E970-48C4-A406-31667C47F61D",
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE68D2F-B62A-413E-9C14-0797D9C9DD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BE3F5E-DBD8-4682-A262-CAEFC2D9221F",
"versionEndIncluding": "8.0.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 16.6.0, 14.17.4 y 12.22.4, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota , ataques de tipo XSS, bloqueo de Aplicaciones debido a una falta de comprobaci\u00f3n de entrada de los nombres de host devueltos por los Servidores de Nombres de Dominio en la librer\u00eda dns de Node.js, que puede conllevar a la salida de nombres de host err\u00f3neos (conllevando al Secuestro de Dominio) y vulnerabilidades de inyecci\u00f3n en aplicaciones que usan la librer\u00eda."
}
],
"id": "CVE-2021-22931",
"lastModified": "2024-11-21T05:50:57.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T19:15:13.127",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1178337"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1178337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-170"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-07 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2g | |
| openssl | openssl | 1.0.2h | |
| openssl | openssl | 1.0.2i | |
| openssl | openssl | 1.0.2j | |
| openssl | openssl | 1.0.2k | |
| openssl | openssl | 1.0.2l | |
| openssl | openssl | 1.0.2m | |
| openssl | openssl | 1.1.0 | |
| openssl | openssl | 1.1.0a | |
| openssl | openssl | 1.1.0b | |
| openssl | openssl | 1.1.0c | |
| openssl | openssl | 1.1.0d | |
| openssl | openssl | 1.1.0e | |
| openssl | openssl | 1.1.0f | |
| openssl | openssl | 1.1.0g | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF148A3-1AA7-4F27-85AB-414C609C626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B749E-6808-4788-AE42-7A1587D8697E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*",
"matchCriteriaId": "58F80C8D-BCA2-40AD-BD22-B70C7BE1B298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*",
"matchCriteriaId": "70B78EDF-6BB7-42C4-9423-9332C62C6E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*",
"matchCriteriaId": "E2354F82-A01B-43D2-84F4-4E94B258E091",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E07A34-08A0-4765-AF81-46A3BDC5648A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*",
"matchCriteriaId": "83B0A3D8-60C7-4F42-9DD6-C535F983D98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "CD08E859-BB6D-4909-A873-C2609FA2821A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BF7D67-EAF4-4D01-9185-0DB69F2C543B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0g:*:*:*:*:*:*:*",
"matchCriteriaId": "179144A7-D263-4BD8-A019-35DE39C777FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3818E441-8DC4-42E6-8D11-E58D195CBE8A",
"versionEndExcluding": "4.8.7",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BEA03114-7288-4E7C-9220-C0ABCD5F0389",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "C45E9D50-CD3D-480B-B9B8-451ADFF26505",
"versionEndExcluding": "8.9.3",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "82FDBB10-3298-4C9A-9CC0-D34643AEC868",
"versionEndExcluding": "9.2.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
},
{
"lang": "es",
"value": "Existe un error de desbordamiento en el procedimiento de multiplicaci\u00f3n AVX2 Montgomery empleado en la exponenciaci\u00f3n con m\u00f3dulos de 1024 bits. Los algoritmos EC no se han visto afectados. Los an\u00e1lisis sugieren que los ataques contra RSA y DSA como resultado de este defecto ser\u00edan muy dif\u00edciles de realizar y se cree que son improbables. Los ataques contra DH102 se consideran solo posibles, ya que la mayor parte del trabajo necesario para deducir informaci\u00f3n sobre una clave privada puede realizarse sin conexi\u00f3n. La cantidad de recursos necesarios para realizar tal ataque ser\u00eda significativa. Sin embargo, para que un ataque sobre TLS sea significativo, el servidor tendr\u00eda que compartir la clave privada DH1024 entre m\u00faltiples clientes, lo que ya no es una opci\u00f3n desde CVE-2016-0701. Esto solo afecta a procesadores compatibles con la extensi\u00f3n AVX2, pero no la ADX, como Intel Haswell (cuarta generaci\u00f3n). Nota: El impacto de este problema es similar a CVE-2017-3736, CVE-2017-3732 y CVE-2015-3193. Se han visto afectadas las versiones 1.0.2-1.0.2m y 1.1.0-1.1.0g de OpenSSL. Se ha solucionado en OpenSSL 1.0.2n. Debido a la baja gravedad de este problema, no se va a lanzar una nueva versi\u00f3n de OpenSSL 1.1.0 en este momento. La correcci\u00f3n se aplicar\u00e1 en OpenSSL 1.1.0h cuando est\u00e9 disponible. La correcci\u00f3n tambi\u00e9n estar\u00e1 disponible en el commit con ID e502cc86d en el repositorio Git de OpenSSL."
}
],
"id": "CVE-2017-3738",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-07T16:29:00.240",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102118"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039978"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0998"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201712-03"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4065"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20171207.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20180327.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-16"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201712-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20171207.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20180327.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-07"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-02 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "F581B2CF-A05C-4ABB-9042-A34085A546D4",
"versionEndIncluding": "1.1.0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "748ABD64-797B-422E-A456-0A97AD24F29B",
"versionEndIncluding": "1.2.0.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "3B824DD1-B652-47FF-B934-3C7A59DDF5DF",
"versionEndIncluding": "4.4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2E637C-EA49-4DB6-B4D5-B4684A9549C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1966CED-11A1-4328-A57E-308BE5E4CCD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F46AD2-BB74-4391-8A4F-7BE49EF41F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC36E36A-9592-49DA-AACE-B3638FC55F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98E9F42-08BC-49B5-90C8-AC3EA7960C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA37EF5-DF97-467B-9A56-1611345387FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0BD0C1-2294-4AFB-B4AE-C81576FB9AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4057D560-81EE-49ED-888C-89560DBE3348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F87810E1-BDAD-455D-82E3-334CC102AB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC00B3A-3C9D-4487-9686-775CBAA1CC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0A4F5B-4546-414C-A209-07C27ED1C944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2515087F-B272-4B76-99F4-ACA0C2460046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7016DE-A3A5-450B-9FBD-2C98A07FF3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1848A7-E68E-4CB4-B73C-C5200ABAC9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "59F861AB-574A-41BF-8E2D-6440B35C2AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "41C8CEF8-49E1-4CB0-837B-E85C76BF9DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7101A5-FDC9-4897-B8E8-6A07790D42A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*",
"matchCriteriaId": "F7776F01-29AC-4161-9C91-C7392C6A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CADD766-8328-4669-BE66-A4757D5FB471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9792E9-2593-46B4-9633-E2F2DB11106B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "FF209248-8921-419A-86EB-30E7095E4514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0D6C34-E046-40BD-907D-0E2510C09A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CBB83F-19AD-44BD-B7D4-19C1A8F80011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E2EA97-156D-4870-8967-78E4ED6EF64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "54961BCA-8730-4B40-8385-41F6D65797F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B22FA598-E613-4652-92CD-237F749D13DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F321AF-FCC7-456D-AFE2-2CEF9CBAFCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "18F2EC65-2A47-4C45-8D58-63D18443B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D0517A28-70F9-4947-BEF0-9CC645388BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DD5BBD-922E-4026-9DEC-98CF9411CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*",
"matchCriteriaId": "63E078BA-8BDC-47EB-84B9-09B785FD1213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9971A7-1C18-43C0-97BC-27096609EFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5107B-4347-4D43-ADA6-141527A40333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0C679CFA-50D4-430B-B372-113CE236EACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AA6FEE-C630-4545-BCCF-3C211461C6C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*",
"matchCriteriaId": "682E8A32-1F1E-4427-BAD8-58596F85F170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*",
"matchCriteriaId": "C9827EF0-E340-4A75-9735-F20CDF09CA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C02C09-D738-45B1-BF6F-A4499E5F8D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EE85CACC-842F-46C7-966D-48E866055A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*",
"matchCriteriaId": "771BCA5F-B762-4569-AB46-08A13A4EFD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*",
"matchCriteriaId": "21E05024-3647-456D-A731-D19411FED2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "89929EB1-D723-496B-A7C6-4B4CD9C176B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*",
"matchCriteriaId": "D3EA4652-EF0E-414C-AEB8-AEFE788B66A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9002F9-87C4-4C7F-9BD9-430EB15CD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EF734D-9E6B-4E01-9AFE-C0B847D583A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12606C39-6F39-4DDF-9B36-A160875B265F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4D8789-33C3-498A-857D-CC6576732C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "466E8851-6BE7-4716-AB16-3E985411C35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C4DB21-F35A-4567-8B04-85DB3089CDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E7436-117A-4F79-BA7A-2A0059BB9694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "037511C2-3FA9-4A4C-996B-A1462C221DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "65EEB1B9-2E75-46F4-B70C-94991D38B427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5C5750-10F3-45D7-AC9B-7EA06F4B3887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5364365-36F1-49C0-BF8D-2D5054BC7B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8FD4B3-D515-486A-94A3-29CBDA2E25CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55E18631-9502-42CC-A85A-EA5742FDC317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCBC213-1524-4C88-9EB3-52E003070A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C928FB55-2F33-4458-8484-4010AE8883A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CEEFA5F-2B32-4CA0-84AD-E0ECA0F81078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4754B0A8-A7D7-41A1-BFE5-10D84E7CEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*",
"matchCriteriaId": "5545EA7D-77F3-439B-B524-E126E38FC0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*",
"matchCriteriaId": "375D5E3C-4ED5-4BA2-868D-83DC64DA0293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D132104E-163C-47EE-B247-578D64AC88D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E208FB1-A772-4002-BD56-3360BDDFEF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*",
"matchCriteriaId": "C357BFEF-5156-4254-97D9-0D9CE98505BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*",
"matchCriteriaId": "8EC465B1-1FE1-4BCA-8754-C55B94947140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*",
"matchCriteriaId": "3E702637-0A91-4572-9932-529837214667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*",
"matchCriteriaId": "EBAD975C-7A68-48B3-83CE-6876D92B1A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "14BE6C0B-E6EC-4CD2-912B-45DE9F94BA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F811E8BB-F1C8-43BE-BEAD-FC4FE122ABEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDE8D29-7C15-44D1-8D5C-0E438D9DE029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCA3C10-FB37-4256-812A-EB8A3A095E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54197CC5-9C7D-4DCE-A60F-625DE246E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6173A6E4-F472-46CF-9762-6F3CAAFD9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C25A52-E3C0-4429-AB96-1E33523E51D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "590070D6-198A-456E-A55D-D0B06DD3FF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46FCC5E2-1106-4153-B8C6-5E9594735529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56778D45-8B99-406D-BE97-034D3A29F32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C7E2F2-8C41-4F3B-848A-144DCA30FC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*",
"matchCriteriaId": "22969DF2-6A8A-4483-9EEF-65DEE6A945E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11778EAE-5DCD-4D4E-807B-FD3C0DC47BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C203335-0CB9-4B38-80C1-344607FFAE29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A529ED-154E-40BA-86B3-297613BBD237",
"versionEndExcluding": "2.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B884EB02-113D-4867-BC74-CEA49F19142F",
"versionEndExcluding": "3.8.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers."
},
{
"lang": "es",
"value": "La CLI en npm en versiones anteriores a 2.15.1 y 3.x en versiones anteriores a 3.8.3, tal como se utiliza en Node.js 0.10 en versiones anteriores a 0.10.44, 0.12 en versiones anteriores a 0.12.13, 4 en versiones anteriores a 4.4.2 y 5 en versiones anteriores a 5.10.0, incluye tokens portadores con peticiones arbitrarias, lo que permite a servidores HTTP remotos obtener informaci\u00f3n sensible leyendo cabeceras de autorizaci\u00f3n."
}
],
"id": "CVE-2016-3956",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-02T14:59:19.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/npm/npm/issues/8380"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/npm/npm/issues/8380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA70BBF0-BD24-4786-A705-48F26FF4B34B",
"versionEndExcluding": "14.11.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js \u003c 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 14.11.0, es vulnerable a ataques de denegaci\u00f3n de servicio (DoS) HTTP basados ??en el env\u00edo de peticiones retrasadas que pueden hacer que el servidor no pueda aceptar nuevas conexiones"
}
],
"id": "CVE-2020-8251",
"lastModified": "2024-11-21T05:38:35.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-18T21:15:13.403",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/868834"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/868834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0004/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-24 02:15
Modified
2024-11-21 08:03
Severity ?
Summary
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1946470 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20231006-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1946470 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231006-0006/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F7394398-D1FA-4786-B962-7D0FFF50DB2D",
"versionEndIncluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7DAF267F-6FDD-4914-B37E-181B91BF8B64",
"versionEndIncluding": "18.17.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "145E971E-F0AF-49A7-8A9C-3AAFE01C076B",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(\u0027spawn_sync\u0027)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios en el mecanismo de directiva experimental en todas las l\u00edneas de versi\u00f3n activas: 16.x, 18.x y 20.x. El uso de la API obsoleta \u0027process.binding()\u0027 puede omitir el mecanismo de la pol\u00edtica al requerir m\u00f3dulos internos y, finalmente, aprovechar \u0027process.binding(\u0027spawn_sync\u0027)\u0027 ejecutar c\u00f3digo arbitrario, fuera de los l\u00edmites definidos en un archivo \u0027policy.json\u0027. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica es una funcionalidad experimental de Node.js.\n"
}
],
"id": "CVE-2023-32559",
"lastModified": "2024-11-21T08:03:35.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-24T02:15:09.210",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1946470"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1946470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0006/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-24 19:15
Modified
2024-11-21 06:31
Severity ?
Summary
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | graalvm | 20.3.5 | |
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | mysql_cluster | * | |
| oracle | mysql_connectors | * | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | mysql_server | * | |
| oracle | mysql_server | * | |
| oracle | mysql_workbench | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DAE16BC9-7B14-48DA-ADEB-D1898E0B9885",
"versionEndExcluding": "12.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8499B085-A803-4958-BB99-8E7FABB177BB",
"versionEndExcluding": "14.18.3",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "113157AB-0571-4244-A857-ADE4F4EA1F11",
"versionEndExcluding": "16.13.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9DF5B801-BC99-4F91-B350-C14A5998532C",
"versionEndExcluding": "17.3.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB1E9C2-30CD-4DD2-BB9F-AF59B8DA9B9E",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "727AE4B8-ECED-4942-B378-AC869D39D8D0",
"versionEndIncluding": "8.0.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361CAD5F-8866-44CC-A47E-C0E98A9FAABA",
"versionEndIncluding": "5.7.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D713546-8144-491B-B3D9-FBE437E4A442",
"versionEndIncluding": "8.0.28",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1768074-FDA8-485C-B005-7FB3F7AA2330",
"versionEndIncluding": "8.0.28",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 12.22.9, versiones anteriores a 14.18.3, versiones anteriores a 16.13.2 y versiones anteriores a 17.3.1, convierte los SAN (Subject Alternative Names) a un formato de cadena. usa esta cadena para comprobar los certificados de los compa\u00f1eros con los nombres de host cuando comprueba las conexiones. El formato de cadena estaba sujeto a una vulnerabilidad de inyecci\u00f3n cuando eran usados restricciones de nombre dentro de una cadena de certificados, permitiendo omitir estas restricciones de nombre. Las versiones de Node.js con la correcci\u00f3n de esto escapan de los SAN que contienen los caracteres problem\u00e1ticos para evitar la inyecci\u00f3n. Este comportamiento puede revertirse mediante la opci\u00f3n de l\u00ednea de comandos --security-revert"
}
],
"id": "CVE-2021-44532",
"lastModified": "2024-11-21T06:31:10.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T19:15:09.360",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1429694"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1429694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-296"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-14 19:15
Modified
2024-11-21 06:36
Severity ?
Summary
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | * | |
| openssl | openssl | 1.1.0 | |
| openssl | openssl | 3.0.0 | |
| netapp | cloud_backup | - | |
| netapp | e-series_performance_analyzer | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | snapcenter | - | |
| netapp | a250_firmware | - | |
| netapp | a250 | - | |
| netapp | 500f_firmware | - | |
| netapp | 500f | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D53A6288-46D2-452F-95DA-ADA3A55544E5",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E839A-4780-412E-9F02-DD3029A0B8EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "EF176509-5AA8-4644-84E5-051964AECCE5",
"versionEndExcluding": "17.3.0",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
},
{
"lang": "es",
"value": "Internamente libssl en OpenSSL llama a X509_verify_cert() en el lado del cliente para verificar un certificado suministrado por un servidor. Esta funci\u00f3n puede devolver un valor negativo para indicar un error interno (por ejemplo, falta de memoria). Tal valor de retorno negativo es mal manejado por OpenSSL y causar\u00e1 que una funci\u00f3n IO (como SSL_connect() o SSL_do_handshake()) no indique el \u00e9xito y una llamada posterior a SSL_get_error() devuelva el valor SSL_ERROR_WANT_RETRY_VERIFY. Este valor de retorno s\u00f3lo debe ser devuelto por OpenSSL si la aplicaci\u00f3n ha llamado previamente a SSL_CTX_set_cert_verify_callback(). Como la mayor\u00eda de las aplicaciones no hacen esto, el valor de retorno SSL_ERROR_WANT_RETRY_VERIFY de SSL_get_error() ser\u00e1 totalmente inesperado y las aplicaciones pueden no comportarse correctamente como resultado. El comportamiento exacto depender\u00e1 de la aplicaci\u00f3n, pero podr\u00eda resultar en bloqueos, bucles infinitos u otras respuestas incorrectas similares. Este problema se agrava en combinaci\u00f3n con otro fallo en OpenSSL versi\u00f3n 3.0 que har\u00e1 que X509_verify_cert() indique un error interno cuando procesa una cadena de certificados. Esto ocurrir\u00e1 cuando un certificado no incluya la extensi\u00f3n de nombre alternativo del sujeto pero cuando una autoridad de certificaci\u00f3n haya aplicado restricciones de nombre. Este problema puede producirse incluso con cadenas v\u00e1lidas. Combinando los dos problemas, un atacante podr\u00eda inducir un comportamiento incorrecto y dependiente de la aplicaci\u00f3n. Corregido en OpenSSL versi\u00f3n 3.0.1 (Afectado 3.0.0)"
}
],
"id": "CVE-2021-4044",
"lastModified": "2024-11-21T06:36:47.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-14T19:15:07.807",
"references": [
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-24 19:15
Modified
2024-11-21 06:45
Severity ?
Summary
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_connectors | * | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | mysql_server | * | |
| oracle | mysql_workbench | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6CE47ECC-681D-46DB-B46E-3A94D931A19C",
"versionEndExcluding": "12.22.9",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "79F6CBBF-22B7-4B71-9C3B-5F32B32B8271",
"versionEndExcluding": "14.18.3",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E81EF2EF-0BD7-45D5-93B1-883DCDD67F03",
"versionEndExcluding": "16.13.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9DF5B801-BC99-4F91-B350-C14A5998532C",
"versionEndExcluding": "17.3.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB1E9C2-30CD-4DD2-BB9F-AF59B8DA9B9E",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "727AE4B8-ECED-4942-B378-AC869D39D8D0",
"versionEndIncluding": "8.0.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09EB3F75-D06D-4418-913B-37DBF851EE45",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BDC629D-CC4C-4903-8A06-BF5823457996",
"versionEndIncluding": "8.0.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to."
},
{
"lang": "es",
"value": "Debido a la l\u00f3gica de formato de la funci\u00f3n \"console.table()\" no era seguro permitir que pasara la entrada controlada por el usuario al par\u00e1metro \"properties\" mientras pasaba simult\u00e1neamente un objeto plano con al menos una propiedad como primer par\u00e1metro, que pod\u00eda ser \"__proto__\". La contaminaci\u00f3n del prototipo presenta un control muy limitado, ya que s\u00f3lo permite asignar una cadena vac\u00eda a las claves num\u00e9ricas del prototipo del objeto.Node.js versiones posteriores a 12.22.9 incluy\u00e9ndola, versiones posteriores a 14.18.3 incluy\u00e9ndola, versiones posteriores a 16.13.2 incluy\u00e9ndola, y versiones posteriores a 17.3.1 incluy\u00e9ndola, usan un prototipo nulo para el objeto al que es asignada estas propiedades.\n"
}
],
"id": "CVE-2022-21824",
"lastModified": "2024-11-21T06:45:30.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T19:15:10.080",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1431042"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1431042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-471"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 20:15
Modified
2024-11-21 08:00
Severity ?
Summary
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29",
"versionEndExcluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7",
"versionEndExcluding": "18.16.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37",
"versionEndExcluding": "20.3.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20."
},
{
"lang": "es",
"value": "Cuando se utiliza una clave p\u00fablica no v\u00e1lida para crear x509 certificates utilizando la API crypto.X509Certificate(), se produce una terminaci\u00f3n no esperada que la hace susceptible a ataques DoS cuando el atacante podr\u00eda forzar interrupciones en el procesamiento de la aplicaci\u00f3n, ya que el proceso finaliza al acceder a la informaci\u00f3n de clave p\u00fablica de los certificados proporcionados desde el c\u00f3digo de usuario. El contexto actual de los usuarios desaparecer\u00e1 y eso provocar\u00e1 un escenario DoS. Esta vulnerabilidad afecta a todas las versiones activas de Node.js v16, v18 y v20."
}
],
"id": "CVE-2023-30588",
"lastModified": "2024-11-21T08:00:28.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T20:15:07.437",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-21 17:15
Modified
2024-11-21 08:02
Severity ?
Summary
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.
Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F75B0DBB-A86A-4F14-8F4E-63ABA2DF1F35",
"versionEndIncluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "686E16B9-C6B9-4EF8-9B0F-913203469EF8",
"versionEndIncluding": "18.17.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15EAF008-AA6F-4A70-9FFA-F4EE4DE53E44",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "El uso de \u0027Module._load()\u0027 puede omitir el mecanismo de pol\u00edticas y requerir m\u00f3dulos fuera de la definici\u00f3n policy.json para un m\u00f3dulo determinado. Esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de directiva experimental en todas las l\u00edneas de versi\u00f3n activas: 16.x, 18.x y 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-32002",
"lastModified": "2024-11-21T08:02:30.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-21T17:15:47.000",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1960870"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1960870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-01 00:15
Modified
2025-02-13 17:16
Severity ?
Summary
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "C5D7BC2C-D9AF-4048-9D36-55BF7CB6632B",
"versionEndExcluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "5C30F3E9-6CB7-4616-824E-A97BB69FB7E3",
"versionEndExcluding": "18.16.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "220A3D52-0B69-438A-B042-F19694CC63F1",
"versionEndExcluding": "20.3.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).\r\n\r\nThe CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20"
}
],
"id": "CVE-2023-30589",
"lastModified": "2025-02-13T17:16:25.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-01T00:15:10.293",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2001873"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0009/"
},
{
"source": "support@hackerone.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2001873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-29 13:29
Modified
2024-11-21 03:38
Severity ?
Summary
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5953EAB1-D0E8-48EA-B07D-3B828E6BB326",
"versionEndIncluding": "1.1.0i",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F69F3542-173D-4E0D-99BB-42FDD206D996",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "5725F854-27B7-4BC1-8DCA-FAC0B4E41139",
"versionEndExcluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
"versionEndExcluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "541EAE2B-5446-46CE-BC91-13188EAD6092",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF1DFDA-FB66-4CEA-A658-B167326D1D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C",
"versionStartIncluding": "9.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BD941CDF-8486-43F7-9D98-2B8785B1B139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE18990-1FC9-4624-971B-2E87BF0871AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C29F2D-CBE6-4E22-98AE-787E939ED161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B4E766-8D75-48A9-8267-6EE1407B949D",
"versionEndIncluding": "5.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F17AD8D0-6D79-4E7D-9CD6-9B130A529C5D",
"versionEndIncluding": "5.7.24",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C743C44C-2E97-4E5E-8C76-FC0E666BA115",
"versionEndIncluding": "8.0.13",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F69D90-6F4D-4D09-8F60-E36072303E32",
"versionEndExcluding": "5.2.24",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
},
{
"lang": "es",
"value": "Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral. Un atacante podr\u00eda emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1)."
}
],
"id": "CVE-2018-0735",
"lastModified": "2024-11-21T03:38:50.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-29T13:29:00.263",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105750"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041986"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-04 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE633C2-8643-4674-B321-0F11F5FD3EC8",
"versionEndExcluding": "1.0.2k",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B53681-5AB9-4081-8285-D8F6A82008C6",
"versionEndExcluding": "1.1.0c",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "934083EB-2961-49FF-B8D7-B870D1FA3CB8",
"versionEndExcluding": "4.7.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "14346EBC-1890-472B-B236-06FE381229EC",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2EE58CC5-2E12-4DA9-8AF2-9739CE393008",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
},
{
"lang": "es",
"value": "Existe un error de propagaci\u00f3n de acarreo en el procedimiento de multiplicaci\u00f3n Montgomery Broadwell-specific en OpenSSL 1.0.2 y 1.1.0 en versiones anteriores a la 1.1.0c, que maneja longitudes de entrada divisibles por, pero m\u00e1s largas que 256 bits. El an\u00e1lisis sugiere que los ataques contra las claves privadas RSA, DSA y DH son imposibles. Esto se debe a que dicha subrutina no se utiliza en operaciones con la clave privada y una entrada elegida directamente por el atacante. En caso contrario, el error puede manifestarse como una autenticaci\u00f3n transitoria o con errores en la negociaci\u00f3n de claves o en un resultado err\u00f3neo reproducible en operaciones de clave p\u00fablica a trav\u00e9s de una entrada especialmente dise\u00f1ada. Entre los algoritmos de Curva Eliptica solo los Brainpool P-512 est\u00e1n afectados y presumiblemente puede atacarse la negociaci\u00f3n de claves ECDH. El impacto no se analiz\u00f3 en detalle, ya que los requisitos previos para el ataque se consideran improbables. Notese que varios clientes tienen que elegir la curva en cuesti\u00f3n y el servidor tiene que compartir la clave privada entre ellos, lo que no es un comportamiento por defecto en ning\u00fan caso. Incluso en esa situaci\u00f3n, s\u00f3lo los clientes que eligieron la curva se ver\u00e1n afectados."
}
],
"id": "CVE-2016-7055",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-04T20:29:00.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94242"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037261"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03752en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20161110.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03752en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20161110.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| llhttp | llhttp | * | |
| llhttp | llhttp | * | |
| llhttp | llhttp | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| siemens | sinec_ins | 1.0 | |
| siemens | sinec_ins | 1.0 | |
| siemens | sinec_ins | 1.0 | |
| debian | debian_linux | 11.0 | |
| stormshield | stormshield_management_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "E47EBF6E-EAF4-4853-A7F1-49B0E2880E44",
"versionEndExcluding": "14.20.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "BF84A61F-30D6-4D93-BCBD-C856D671B68B",
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65CED312-C629-4515-A3F4-84E889159D4A",
"versionEndExcluding": "18.9.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3EB02718-B2A5-4822-B611-D62BB9EF44B0",
"versionEndExcluding": "14.20.0",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D9D9B02E-C965-408B-999E-1F3DA09B62AA",
"versionEndExcluding": "16.16.0",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D224E154-915A-4E2C-A0D7-D28D1C1472F7",
"versionEndExcluding": "18.5.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57CACB72-BAD7-41F6-9977-321DA7F79519",
"versionEndExcluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)."
},
{
"lang": "es",
"value": "El parser llhttp anteriores a la versi\u00f3n v14.20.1, anteriores a la versi\u00f3n v16.17.1 y anteriores a la versi\u00f3n v18.9.1 del m\u00f3dulo http en Node.js no maneja correctamente las cabeceras Transfer-Encoding de varias l\u00edneas. Esto puede llevar al contrabando de solicitudes HTTP (HRS)"
}
],
"id": "CVE-2022-32215",
"lastModified": "2024-11-21T07:05:56.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.387",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1501679"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1501679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-15 21:29
Modified
2024-11-21 04:08
Severity ?
Summary
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F608F84-5A94-4DC1-A7B8-E19028F96A40",
"versionEndExcluding": "6.14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "468A9D35-95E1-473B-A5D3-9BD78818F599",
"versionEndExcluding": "8.11.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A01678-361E-4F23-B7D6-41B0C145F491",
"versionEndExcluding": "10.9.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF92E05-808F-4D22-BD55-3571BF46889F",
"versionEndExcluding": "1.0.2q",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B64CB987-8B48-4B65-BC6A-B39F1F69F4B7",
"versionEndExcluding": "1.1.0i",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2",
"versionEndExcluding": "8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BD941CDF-8486-43F7-9D98-2B8785B1B139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE18990-1FC9-4624-971B-2E87BF0871AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C29F2D-CBE6-4E22-98AE-787E939ED161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2049488-5CE2-4C56-8B0E-BA7C499A7372",
"versionEndIncluding": "3.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81B25011-AEFA-453D-AF1E-5945AB625767",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "3.12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8",
"versionEndExcluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
},
{
"lang": "es",
"value": "SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronizaci\u00f3n mediante un ataques de sincronizaci\u00f3n de canal lateral en la \"contenci\u00f3n de puertos\"."
}
],
"id": "CVE-2018-5407",
"lastModified": "2024-11-21T04:08:45.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-15T21:29:00.233",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 20:15
Modified
2024-11-21 08:00
Severity ?
Summary
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values".
The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29",
"versionEndExcluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7",
"versionEndExcluding": "18.16.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37",
"versionEndExcluding": "20.3.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: \"Generates private and public Diffie-Hellman key values\".\n\nThe documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad."
},
{
"lang": "es",
"value": "La funci\u00f3n API generateKeys() devuelta por crypto.createDiffieHellman() solo genera claves faltantes (o desactualizadas), es decir, solo genera una clave privada si a\u00fan no se ha configurado ninguna, pero la funci\u00f3n tambi\u00e9n es necesaria para calcular la clave p\u00fablica correspondiente. despu\u00e9s de llamar a setPrivateKey(). Sin embargo, la documentaci\u00f3n dice que esta llamada API: \"Genera valores de clave Diffie-Hellman p\u00fablicos y privados\". El comportamiento documentado es muy diferente del comportamiento real, y esta diferencia podr\u00eda conducir f\u00e1cilmente a problemas de seguridad en las aplicaciones que utilizan estas API, ya que DiffieHellman puede usarse como base para la seguridad a nivel de aplicaci\u00f3n; en consecuencia, las implicaciones son amplias."
}
],
"id": "CVE-2023-30590",
"lastModified": "2024-11-21T08:00:28.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T20:15:07.480",
"references": [
{
"source": "support@hackerone.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-07 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2E637C-EA49-4DB6-B4D5-B4684A9549C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1966CED-11A1-4328-A57E-308BE5E4CCD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F46AD2-BB74-4391-8A4F-7BE49EF41F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC36E36A-9592-49DA-AACE-B3638FC55F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98E9F42-08BC-49B5-90C8-AC3EA7960C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA37EF5-DF97-467B-9A56-1611345387FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0BD0C1-2294-4AFB-B4AE-C81576FB9AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4057D560-81EE-49ED-888C-89560DBE3348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F87810E1-BDAD-455D-82E3-334CC102AB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC00B3A-3C9D-4487-9686-775CBAA1CC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0A4F5B-4546-414C-A209-07C27ED1C944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2515087F-B272-4B76-99F4-ACA0C2460046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7016DE-A3A5-450B-9FBD-2C98A07FF3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1848A7-E68E-4CB4-B73C-C5200ABAC9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "59F861AB-574A-41BF-8E2D-6440B35C2AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "41C8CEF8-49E1-4CB0-837B-E85C76BF9DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7101A5-FDC9-4897-B8E8-6A07790D42A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*",
"matchCriteriaId": "F7776F01-29AC-4161-9C91-C7392C6A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CADD766-8328-4669-BE66-A4757D5FB471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9792E9-2593-46B4-9633-E2F2DB11106B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "FF209248-8921-419A-86EB-30E7095E4514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0D6C34-E046-40BD-907D-0E2510C09A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CBB83F-19AD-44BD-B7D4-19C1A8F80011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E2EA97-156D-4870-8967-78E4ED6EF64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "54961BCA-8730-4B40-8385-41F6D65797F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B22FA598-E613-4652-92CD-237F749D13DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F321AF-FCC7-456D-AFE2-2CEF9CBAFCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "18F2EC65-2A47-4C45-8D58-63D18443B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D0517A28-70F9-4947-BEF0-9CC645388BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DD5BBD-922E-4026-9DEC-98CF9411CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*",
"matchCriteriaId": "63E078BA-8BDC-47EB-84B9-09B785FD1213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9971A7-1C18-43C0-97BC-27096609EFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5107B-4347-4D43-ADA6-141527A40333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0C679CFA-50D4-430B-B372-113CE236EACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AA6FEE-C630-4545-BCCF-3C211461C6C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*",
"matchCriteriaId": "682E8A32-1F1E-4427-BAD8-58596F85F170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*",
"matchCriteriaId": "C9827EF0-E340-4A75-9735-F20CDF09CA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C02C09-D738-45B1-BF6F-A4499E5F8D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EE85CACC-842F-46C7-966D-48E866055A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*",
"matchCriteriaId": "771BCA5F-B762-4569-AB46-08A13A4EFD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*",
"matchCriteriaId": "21E05024-3647-456D-A731-D19411FED2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "89929EB1-D723-496B-A7C6-4B4CD9C176B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*",
"matchCriteriaId": "D3EA4652-EF0E-414C-AEB8-AEFE788B66A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E907669-AC7F-4840-A8FB-C03BA0F03D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "598E60BD-1144-4EAE-ADCB-88974EF58642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B0896B44-9893-4D71-9733-C9B6979F8013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4319C3C1-E929-4A3A-BA89-C8C59CDE7B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "41030972-0AA3-4B5A-9AA6-55AC781024FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57CC3E52-5717-44C3-9DDB-1E9396DCC628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "47D758D2-7AEE-46AB-A802-1805638F30F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7C6F3A-CE6E-4F4B-A976-074D168946B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAE858C-23B6-4417-AA3C-24BC239ADF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5B5DD6-1BA5-47AA-ADD3-0FF3FBF20A64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "48C51C6F-0D21-463D-989E-A1F7C6D4E0BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9002F9-87C4-4C7F-9BD9-430EB15CD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EF734D-9E6B-4E01-9AFE-C0B847D583A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12606C39-6F39-4DDF-9B36-A160875B265F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4D8789-33C3-498A-857D-CC6576732C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "466E8851-6BE7-4716-AB16-3E985411C35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C4DB21-F35A-4567-8B04-85DB3089CDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E7436-117A-4F79-BA7A-2A0059BB9694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "037511C2-3FA9-4A4C-996B-A1462C221DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "65EEB1B9-2E75-46F4-B70C-94991D38B427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5C5750-10F3-45D7-AC9B-7EA06F4B3887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5364365-36F1-49C0-BF8D-2D5054BC7B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8FD4B3-D515-486A-94A3-29CBDA2E25CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55E18631-9502-42CC-A85A-EA5742FDC317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCBC213-1524-4C88-9EB3-52E003070A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C928FB55-2F33-4458-8484-4010AE8883A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F811E8BB-F1C8-43BE-BEAD-FC4FE122ABEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDE8D29-7C15-44D1-8D5C-0E438D9DE029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCA3C10-FB37-4256-812A-EB8A3A095E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54197CC5-9C7D-4DCE-A60F-625DE246E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6173A6E4-F472-46CF-9762-6F3CAAFD9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C25A52-E3C0-4429-AB96-1E33523E51D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a."
},
{
"lang": "es",
"value": "El c\u00f3digo de interpretacci\u00f3n de cabecera HTTP en Node.js 0.10.x en versiones anteriores a 0.10.42, 0.11.6 hasta la versi\u00f3n 0.11.16, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos eludir un mecanismo de protecci\u00f3n de separaci\u00f3n de respuesta HTTP a trav\u00e9s de caracteres Unicode codificados en UTF-8 en la cabecera HTTP, seg\u00fan lo demonstrado mediante %c4%8d%c4%8a."
}
],
"id": "CVE-2016-2216",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T21:59:02.790",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/"
},
{
"source": "cve@mitre.org",
"url": "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/83141"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201612-43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201612-43"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1D907C43-56F3-4FB8-8F20-C90C65EE5A08",
"versionEndExcluding": "14.20.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09",
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D224E154-915A-4E2C-A0D7-D28D1C1472F7",
"versionEndExcluding": "18.5.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A OS Command Injection vulnerability exists in Node.js versions \u003c14.20.0, \u003c16.20.0, \u003c18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de comandos en el Sistema Operativo en Node.js versiones anteriores a 14.20.0, anteriores a 16.16.0, anteriores a 18.5.0, debido a una comprobaci\u00f3n insuficiente de IsAllowedHost que puede ser f\u00e1cilmente omitida porque IsIPAddress no comprueba correctamente si una direcci\u00f3n IP no es v\u00e1lida antes de realizar peticiones DBS permitiendo ataques de reenganche."
}
],
"id": "CVE-2022-32212",
"lastModified": "2024-11-21T07:05:56.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.237",
"references": [
{
"source": "support@hackerone.com",
"url": "https://hackerone.com/reports/1632921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hackerone.com/reports/1632921"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-12 11:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1211160 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ | Patch, Release Notes, Vendor Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20210805-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1211160 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210805-0003/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "7AD27D57-32D0-4149-9AB9-BF092356A732",
"versionEndExcluding": "12.22.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "B0F0E3AC-D47F-44AA-8846-ABE7E492136D",
"versionEndExcluding": "14.17.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "9E32D86B-F137-4195-8AA9-34FF5C0AC50A",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 16.4.1, 14.17.2 y 12.22.2, es vulnerable a ataques de escalada de privilegios locales bajo determinadas condiciones en plataformas Windows. M\u00e1s concretamente, una configuraci\u00f3n inapropiada de los permisos en el directorio de instalaci\u00f3n permite a un atacante llevar a cabo dos ataques de escalada diferentes: PATH y secuestro de DLL"
}
],
"id": "CVE-2021-22921",
"lastModified": "2024-11-21T05:50:55.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-12T11:15:08.017",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1211160"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210805-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1211160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210805-0003/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/86957 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://nodesecurity.io/advisories/31 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/86957 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/31 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "848035BC-647E-497A-B89F-53427DB791E5",
"versionEndIncluding": "4.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\""
},
{
"lang": "es",
"value": "El paquete semver en versiones anteriores a 4.3.2 para Node.js permite a atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una cadena de versi\u00f3n larga, vulnerabilidad tambi\u00e9n conocida como \"denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS)\"."
}
],
"id": "CVE-2015-8855",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:00.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/86957"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/86957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-07 15:15
Modified
2024-11-21 04:29
Severity ?
Summary
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 30 | |
| opensuse | leap | 15.1 | |
| redhat | software_collections | 1.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.7 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.7 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 7.7 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| oracle | graalvm | 19.3.1 | |
| oracle | graalvm | 20.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E92EC0A2-0C04-4226-8905-5F580DF41F82",
"versionEndExcluding": "10.19.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA72B481-FA0B-473E-8E23-F0FC3D4C57F0",
"versionEndExcluding": "12.15.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D5B70848-F6C3-4131-8A91-6BA3379ED646",
"versionEndExcluding": "13.8.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "52D0A602-6044-4D93-9E67-4B24BE3BAD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "ED734878-EBEA-418E-88A0-0C30AAB477E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed"
},
{
"lang": "es",
"value": "El tr\u00e1fico no autorizado de peticiones HTTP en Node.js versiones 10, 12 y 13, causa la entrega maliciosa de la carga \u00fatil cuando la codificaci\u00f3n de transferencia es malformada."
}
],
"id": "CVE-2019-15605",
"lastModified": "2024-11-21T04:29:06.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-07T15:15:11.287",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0703"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0707"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0708"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/735748"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/735748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68DD813A-1BC4-45FB-A3C4-E1BCE5F82EC1",
"versionEndExcluding": "1.16.1",
"versionStartIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1705D3-ABAB-477E-9572-7D4DBAB4E38B",
"versionEndIncluding": "1.17.2",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E11C65C3-1B17-4362-A99C-59583081A24D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348EEE70-E114-4720-AAAF-E77DE5C9A2D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a la manipulaci\u00f3n del tama\u00f1o de la ventana y la manipulaci\u00f3n de priorizaci\u00f3n de flujo, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante solicita una gran cantidad de datos de un recurso especificado a trav\u00e9s de m\u00faltiples flujos. Manipulan el tama\u00f1o de la ventana y la prioridad de transmisi\u00f3n para obligar al servidor a poner en cola los datos en fragmentos de 1 byte. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos."
}
],
"id": "CVE-2019-9511",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.223",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-16 18:15
Modified
2024-11-21 07:47
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6E9FAEC6-2D3A-4CBE-859F-11BCECC4F724",
"versionEndExcluding": "16.19.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "80500AD0-17C2-4698-AE03-1C6782FD38B0",
"versionEndExcluding": "18.14.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8F4FCD16-4B9F-44B9-80DD-D024759CAB10",
"versionEndExcluding": "19.6.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "0B81E26E-5BF8-495E-9544-E9688B6AE5BA",
"versionEndExcluding": "5.19.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici."
}
],
"id": "CVE-2023-23936",
"lastModified": "2024-11-21T07:47:08.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-16T18:15:10.877",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nodejs/undici/releases/tag/v5.19.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1820955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/nodejs/undici/releases/tag/v5.19.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1820955"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-93"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| llhttp | llhttp | * | |
| llhttp | llhttp | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| siemens | sinec_ins | 1.0 | |
| siemens | sinec_ins | 1.0 | |
| siemens | sinec_ins | 1.0 | |
| debian | debian_linux | 11.0 | |
| stormshield | stormshield_management_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C2150173-C986-4D63-AA7F-9618AA856F2C",
"versionEndExcluding": "2.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FBB4A716-D0D0-4319-BAF0-7F012973330A",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1D907C43-56F3-4FB8-8F20-C90C65EE5A08",
"versionEndExcluding": "14.20.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09",
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A",
"versionEndExcluding": "18.9.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57CACB72-BAD7-41F6-9977-321DA7F79519",
"versionEndExcluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)."
},
{
"lang": "es",
"value": "El analizador llhttp anteriores a la versi\u00f3n v14.20.1, anteriores a la versi\u00f3n v16.17.1 y anteriores a la versi\u00f3n v18.9.1 del m\u00f3dulo http en Node.js no analiza y valida correctamente las cabeceras Transfer-Encoding y puede dar lugar a HTTP Request Smuggling (HRS)"
}
],
"id": "CVE-2022-32213",
"lastModified": "2024-11-21T07:05:56.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.287",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1524555"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1524555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-28 17:29
Modified
2024-12-13 14:15
Severity ?
Summary
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "30C30A13-A774-48C1-A0FC-1F31327DE909",
"versionEndExcluding": "6.15.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1B607427-7A5B-4F24-B042-CF4BF95DC185",
"versionEndExcluding": "8.14.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "34D3C40A-3BE7-42A4-BE15-762CEE1754C4",
"versionEndExcluding": "10.14.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
"versionEndExcluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect."
},
{
"lang": "es",
"value": "Node.js: Todas las versiones anteriores a la 6.15.0, 8.14.0, 10.14.0 y 11.3.0: Suplantaci\u00f3n dek nombre del host en un analizador de URL para el protocolo JavaScript. Si una aplicaci\u00f3n de Node.js est\u00e1 empleando url.parse() para determinar el nombre de host de la URL, dicho nombre puede suplantarse mediante un protocolo \"javascript:\" de letra mixta (por ejemplo, \"javAscript:\"). Otros protocolos no se han visto afectados. Si se realizan decisiones de seguridad sobre la URL basadas en su nombre de host, podr\u00edan ser incorrectas."
}
],
"id": "CVE-2018-12123",
"lastModified": "2024-12-13T14:15:19.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-28T17:29:00.417",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241213-0008/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-115"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-28 17:29
Modified
2024-12-13 14:15
Severity ?
Summary
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | http://www.securityfocus.com/bid/106043 | Third Party Advisory, VDB Entry | |
| cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2019:1821 | Third Party Advisory | |
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch, Vendor Advisory | |
| cve-request@iojs.org | https://security.gentoo.org/glsa/202003-48 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106043 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1821 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-48 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241213-0009/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| suse | suse_enterprise_storage | 4 | |
| suse | suse_linux_enterprise_server | 12 | |
| suse | suse_linux_enterprise_server | 15 | |
| suse | suse_openstack_cloud | 7 | |
| suse | suse_openstack_cloud | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E50DE84C-B33E-46D2-A53C-DE13EB7ACE3F",
"versionEndExcluding": "6.15.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1B607427-7A5B-4F24-B042-CF4BF95DC185",
"versionEndExcluding": "8.14.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "34D3C40A-3BE7-42A4-BE15-762CEE1754C4",
"versionEndExcluding": "10.14.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
"versionEndExcluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:suse_enterprise_storage:4:*:*:*:*:*:*:*",
"matchCriteriaId": "30A38AC5-A8B9-4244-8093-40C77ADFF5F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*",
"matchCriteriaId": "AF73A3D9-6566-4CBF-AA5F-5A4B99719A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_openstack_cloud:7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B73BE9-4340-4A6B-89FE-A40FC4A10187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C659D0-D6DB-4313-9208-C0C49FECD290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time."
},
{
"lang": "es",
"value": "Node.js: Todas las versiones anteriores a la 6.15.0, 8.14.0, 10.14.0 y 11.3.0: Denegaci\u00f3n de servicio (DoS) HTTP mediante Slowloris. Un atacante puede provocar una denegaci\u00f3n de servicio (DoS) enviando cabeceras muy lentamente, manteniendo las conexiones HTTP o HTTPS y los recursos asociados vivos durante un largo per\u00edodo de tiempo."
}
],
"id": "CVE-2018-12122",
"lastModified": "2024-12-13T14:15:19.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-28T17:29:00.370",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106043"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241213-0009/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-08 15:29
Modified
2024-11-21 03:39
Severity ?
Summary
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D406D06D-CFAA-4CBA-AD46-81855AB98930",
"versionEndIncluding": "1.31.0",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2D68FAF3-F5F9-4141-B10F-AB99D620F617",
"versionEndIncluding": "8.17.0",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45DB38F2-B756-42E0-81D9-4F1AC0798F40",
"versionEndIncluding": "9.11.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6F40337E-4705-46D3-9731-A3B3A9303A74",
"versionEndExcluding": "10.4.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1."
},
{
"lang": "es",
"value": "nghttp2 hasta la versi\u00f3n 1.10.0 y nghttp2 en versiones 1.31.0 y anteriores contienen una vulnerabilidad de validaci\u00f3n incorrecta de entradas (CWE-20) en la gesti\u00f3n de tramas ALTSVC que puede resultar en un fallo de segmentaci\u00f3n, lo que provoca una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante un cliente de red. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.31.1 y posteriores."
}
],
"id": "CVE-2018-1000168",
"lastModified": "2024-11-21T03:39:50.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-08T15:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103952"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 15:15
Modified
2024-11-21 06:21
Severity ?
Summary
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34F17CB9-A706-45F7-ADCB-F095B0581798",
"versionEndExcluding": "1.1.1k",
"versionStartIncluding": "1.1.1h",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*",
"matchCriteriaId": "73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "62A178A3-6A52-4981-9A27-FB07AD8AF778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "54A487B1-E5CE-4C76-87E8-518D24C5D86D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "255C64D2-51AF-425B-8A01-91DB4D126812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1E143B-C678-4F62-B51C-CF2A22E11B12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA225A10-CED4-484F-ADDB-932FAAECAF5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "151055B2-9F63-420B-97F4-A434BFBC9A06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*",
"matchCriteriaId": "1662CB7A-B0E8-4D57-AEE4-2115F682D2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "7B99877A-BCA1-49D0-99E6-F95409821B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "6F7913BB-308B-47B0-80FC-F820784843EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "67613657-08D6-4CBF-AAF4-9355054D24C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC12300-9051-4C70-9941-9FE5E64B4B30",
"versionEndIncluding": "8.13.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8B7710-2558-4153-B018-55943E10CBE0",
"versionEndIncluding": "8.2.3",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "657682A0-54D5-4DC6-A98E-8BAF685926C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8661D361-71B5-4C41-A818-C89EC551D900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "253603DC-2D92-442A-B3A8-A63E14D8A070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E112CFF-31F9-4D87-9A1B-AE0FCF69615E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8782A14-89B0-45EE-A5CB-FF715F5BA379",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F2267-61EA-4F12-ADE9-85CB6F6B290E",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C40ECC8-933B-47A4-8082-FCF0EF9C973E",
"versionEndIncluding": "5.7.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32714AD7-BCD1-4624-9923-5E6D927CF3CB",
"versionEndIncluding": "8.0.23",
"versionStartIncluding": "8.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1A94E1-A6C6-488D-A74C-6C0B24637272",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DC7DDB-3405-4734-9A8E-7E1D4646CDEF",
"versionEndIncluding": "8.59",
"versionStartIncluding": "8.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C01E8B82-71C7-4A4A-A70A-7B147524AB4A",
"versionEndExcluding": "18.1.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA7F1FD-9FAB-4654-98B0-4588EEC8B69A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2C4B-CE6B-41DA-A373-7D4FA51EFE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "550F47A2-3393-481E-BC40-CE606BFA8776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "43392D27-6C07-41C7-A17F-10C433338CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBF6C4C-195F-49A7-861D-52677D9BE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90732D53-E802-4E1B-B6C8-B1FDCE7905A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F6C5D7-AEC1-4792-BBA7-A83542430E1A",
"versionEndExcluding": "10.2.1.0-17sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7545BE-AB25-4BB7-8091-8D03BBD910A6",
"versionEndExcluding": "3.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B75C3A-7E3A-434A-A045-44A071CB193B",
"versionEndExcluding": "10.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50478447-8102-4BC4-9E96-3165B20B8BE8",
"versionEndIncluding": "7.0.1-r1456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "5C547B5B-8C6D-49AF-90D4-2F6E2F7E512B",
"versionEndExcluding": "10.24.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3469E4CF-1739-4BE4-B513-4DC771CD2805",
"versionEndExcluding": "12.22.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D2CA9D6-98EE-44B7-9C9D-5A6B55BCA025",
"versionEndExcluding": "14.16.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3ED4D313-F372-4CC1-BE11-6BBA2F0E90E3",
"versionEndExcluding": "15.14.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
},
{
"lang": "es",
"value": "El flag X509_V_FLAG_X509_STRICT permite llevar a cabo comprobaciones de seguridad adicionales de los certificados presentes en una cadena de certificados. No est\u00e1 establecido por defecto. A partir de la versi\u00f3n 1.1.1h de OpenSSL, se a\u00f1adi\u00f3 como comprobaci\u00f3n estricta adicional la de no permitir certificados en la cadena que tengan par\u00e1metros de curva el\u00edptica codificados expl\u00edcitamente. Un error en la implementaci\u00f3n de esta comprobaci\u00f3n significaba que el resultado de una comprobaci\u00f3n previa para confirmar que los certificados de la cadena son certificados de CA v\u00e1lidos fueron sobrescritos. De este modo, se omite la comprobaci\u00f3n de que los certificados que no son de CA no deben poder emitir otros certificados. Si se ha configurado un \"purpose\", se presenta la posibilidad de comprobar posteriormente que el certificado es una CA v\u00e1lida. Todos los valores de \"purpose\" implementados en libcrypto llevan a cabo esta comprobaci\u00f3n. Por lo tanto, cuando se establece un prop\u00f3sito, la cadena de certificados seguir\u00e1 siendo rechazada inclusive cuando se haya usado el flag strict. Se establece un prop\u00f3sito por defecto en las rutinas de verificaci\u00f3n de certificados de cliente servidor de libssl, pero puede ser anulado o eliminado por una aplicaci\u00f3n. Para que se vea afectada, una aplicaci\u00f3n debe establecer expl\u00edcitamente el flag de verificaci\u00f3n X509_V_FLAG_X509_STRICT y no establecer un prop\u00f3sito para la verificaci\u00f3n de certificados o, en el caso de las aplicaciones de cliente o servidor TLS, anular el prop\u00f3sito por defecto. Este problema afecta a las versiones 1.1.1h y posteriores de OpenSSL. Los usuarios de estas versiones deben actualizar a OpenSSL versi\u00f3n 1.1.1k. OpenSSL versi\u00f3n 1.0.2 no est\u00e1 afectado por este problema. Corregido en OpenSSL versi\u00f3n 1.1.1k (Afectadas versiones 1.1.1h-1.1.1j)"
}
],
"id": "CVE-2021-3450",
"lastModified": "2024-11-21T06:21:33.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T15:15:13.560",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-08"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-09"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 02:15
Modified
2024-11-21 08:00
Severity ?
Summary
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry.
The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the "msiexec.exe" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations.
The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or "non-privileged") users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged "msiexec.exe" process. This manipulation can result in the creation of folders in unintended and potentially malicious locations.
It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29",
"versionEndExcluding": "16.20.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7",
"versionEndExcluding": "18.16.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37",
"versionEndExcluding": "20.3.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the \"msiexec.exe\" process, running under the NT AUTHORITY\\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user\u0027s registry.\n\nThe issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the \"msiexec.exe\" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations.\n\nThe severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or \"non-privileged\") users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged \"msiexec.exe\" process. This manipulation can result in the creation of folders in unintended and potentially malicious locations.\n\nIt is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en el proceso de instalaci\u00f3n de Node.js (versi\u00f3n .msi), que afecta espec\u00edficamente a los usuarios de Windows que instalan Node.js utilizando el instalador .msi. Esta vulnerabilidad surge durante la operaci\u00f3n de reparaci\u00f3n, donde el proceso \"msiexec.exe\", que se ejecuta en el contexto NT AUTHORITY\\SYSTEM, intenta leer la variable de entorno %USERPROFILE% del registro del usuario actual. El problema surge cuando la ruta a la que hace referencia la variable de entorno %USERPROFILE% no existe. En tales casos, el proceso \"msiexec.exe\" intenta crear la ruta especificada de forma insegura, lo que podr\u00eda provocar la creaci\u00f3n de carpetas arbitrarias en ubicaciones arbitrarias. La gravedad de esta vulnerabilidad se ve aumentada por el hecho de que los usuarios est\u00e1ndar (o \"sin privilegios\") pueden modificar la variable de entorno %USERPROFILE% en el registro de Windows. En consecuencia, los actores no privilegiados, incluidas entidades maliciosas o troyanos, pueden manipular la clave de la variable de entorno para enga\u00f1ar al proceso privilegiado \"msiexec.exe\". Esta manipulaci\u00f3n puede dar como resultado la creaci\u00f3n de carpetas en ubicaciones no deseadas y potencialmente maliciosas. Es importante tener en cuenta que esta vulnerabilidad es espec\u00edfica de los usuarios de Windows que instalan Node.js utilizando el instalador .msi. Los usuarios que optan por otros m\u00e9todos de instalaci\u00f3n no se ven afectados por este problema en particular."
}
],
"id": "CVE-2023-30585",
"lastModified": "2024-11-21T08:00:28.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T02:15:42.077",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-15 16:15
Modified
2024-11-21 08:02
Severity ?
Summary
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.
This vulnerability affects all users using the experimental permission model in Node.js 20.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "145E971E-F0AF-49A7-8A9C-3AAFE01C076B",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "fs.mkdtemp()\u0027 y \u0027fs.mkdtempSync()\u0027 se pueden usar para omitir la comprobaci\u00f3n del modelo de permisos mediante un ataque Path Traversal. Esta falla surge de una comprobaci\u00f3n faltante en la API fs.mkdtemp() y el impacto es que un actor malicioso podr\u00eda crear un directorio arbitrario. Esta vulnerabilidad afecta a todos los usuarios que usan el modelo de permisos experimental en Node.js 20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permisos es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-32003",
"lastModified": "2024-11-21T08:02:30.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T16:15:10.970",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2037887"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2037887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-03 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | e-series_performance_analyzer | - | |
| oracle | graalvm | 19.3.5 | |
| oracle | graalvm | 20.3.1.2 | |
| oracle | graalvm | 21.0.0.2 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | mysql_cluster | * | |
| oracle | nosql_database | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| siemens | sinec_infrastructure_network_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "0B8440E6-CAF3-456D-A9B4-4EBF33AC3F37",
"versionEndExcluding": "10.24.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "4533F19F-C946-4203-8331-0317A0544D96",
"versionEndExcluding": "12.21.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "EB0738FA-DE42-4E1A-A67D-4C6357C2D720",
"versionEndExcluding": "14.16.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E640EA36-17B2-4745-A831-AB8655F3579D",
"versionEndExcluding": "15.10.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD765AD-DEE4-41C5-9746-A2294D5F21C7",
"versionEndIncluding": "8.0.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
"versionEndExcluding": "20.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an \u0027unknownProtocol\u0027 are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a un ataque de denegaci\u00f3n de servicio cuando son establecidos demasiados intentos de conexi\u00f3n con un \"unknownProtocol\".\u0026#xa0;Esto conlleva a una filtraci\u00f3n de descriptores de archivos.\u0026#xa0;Si es configurado un l\u00edmite de descriptor de archivo en el sistema, entonces el servidor no puede aceptar nuevas conexiones e impide que el proceso tambi\u00e9n se abra, por ejemplo, un archivo.\u0026#xa0;Si no es configurado ning\u00fan l\u00edmite de descriptor de archivo, esto conllevar\u00e1 a un uso excesivo de la memoria y causar\u00e1 al sistema quedarse sin memoria"
}
],
"id": "CVE-2021-22883",
"lastModified": "2024-11-21T05:50:49.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T18:15:14.893",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1043360"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0001/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1043360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-14 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564CADC6-8AB4-4FE0-8E0A-245E87712035",
"versionEndIncluding": "50.0.2661.87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6F8A68-B4C0-4DB4-945F-4041F731FDE1",
"versionEndIncluding": "5.0.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D770B4-E1AB-40F6-A9FC-88E0FE860C81",
"versionEndExcluding": "0.10.46",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7908B-0B23-4CC4-9585-0120DF187A47",
"versionEndExcluding": "0.12.15",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "9731B34D-C6F6-4129-BFEB-6C5C171F4CC0",
"versionEndExcluding": "4.4.6",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "30165C60-84D5-49FC-84C9-5CE9CF0DC43D",
"versionEndExcluding": "5.12.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9ED36E22-DA95-4913-AB4E-4FB696031FFA",
"versionEndIncluding": "6.2.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code."
},
{
"lang": "es",
"value": "La funci\u00f3n Zone::New en zone.cc en Google V8 en versiones anteriores a 5.0.71.47, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.102, no determina correctamente cu\u00e1ndo expandir ciertas asignaciones de memoria, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript manipulado."
}
],
"id": "CVE-2016-1669",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-14T21:59:09.460",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/90584"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1035872"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2017:0879"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2017:0880"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2017:0881"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2017:0882"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://codereview.chromium.org/1945313002"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/606115"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:0879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:0880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:0881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:0882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.chromium.org/1945313002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/606115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-01 18:15
Modified
2024-11-21 07:20
Severity ?
Summary
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1F59CA-02F2-4374-A129-18713496B58B",
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "CAC42CA8-8B01-4A19-A83C-A7D4D08E5E43",
"versionEndExcluding": "18.11.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "7B1F87EE-4E30-4832-BF01-8501E94380EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n"
},
{
"lang": "es",
"value": "Puede activarse una saturaci\u00f3n del b\u00fafer en la verificaci\u00f3n del certificado X.509, espec\u00edficamente en la verificaci\u00f3n de restricciones del nombre. Tenga en cuenta que esto ocurre despu\u00e9s de la verificaci\u00f3n de la firma de la cadena de certificados y requiere que una CA haya firmado un certificado malicioso o que la aplicaci\u00f3n contin\u00fae con la verificaci\u00f3n del certificado a pesar de no poder construir una ruta hacia un emisor confiable. Un atacante puede crear una direcci\u00f3n de correo electr\u00f3nico maliciosa en un certificado para desbordar una cantidad arbitraria de bytes que contengan el car\u00e1cter \".\" (decimal 46) en la pila de memoria. Este desbordamiento del b\u00fafer podr\u00eda provocar un bloqueo (provocando una denegaci\u00f3n de servicio). En un cliente TLS, esto se puede desencadenar conect\u00e1ndose a un servidor malicioso. En un servidor TLS, esto puede activarse si el servidor solicita la autenticaci\u00f3n del cliente y se conecta un cliente malicioso."
}
],
"id": "CVE-2022-3786",
"lastModified": "2024-11-21T07:20:14.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-01T18:15:11.047",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20221101.txt"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-28 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | http://www.securityfocus.com/bid/106040 | Third Party Advisory, VDB Entry | |
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106040 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "30C30A13-A774-48C1-A0FC-1F31327DE909",
"versionEndExcluding": "6.15.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable."
},
{
"lang": "es",
"value": "Node.js: Todas las versiones anteriores a la 6.15.0: El puerto de depuraci\u00f3n 5858 escucha en cualquier interfaz por defecto. Cuando el depurador est\u00e1 habilitado con \"node --debug\" o \"node debug\", escucha en el puerto 5858 en todas las interfaces por defecto. Esto podr\u00eda permitir que los ordenadores remotos se conecten al puerto de depuraci\u00f3n y eval\u00faen JavaScript arbitrario. La interfaz por defecto es ahora localhost. Siempre ha sido posible iniciar el depurador en una interfaz concreta, como \"node --debug=localhost\". El depurador fue eliminado en Node.js 8 y se sustituy\u00f3 por el inspector, por lo que no hay versiones vulnerables a partir de la 8."
}
],
"id": "CVE-2018-12120",
"lastModified": "2024-11-21T03:44:38.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-28T17:29:00.290",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106040"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-419"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-09 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:v8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7900AA49-FCFE-4068-BA49-50EA0B53C4CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iojs:io.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3188BB5-6918-455C-8D25-B4DBA22830D6",
"versionEndIncluding": "1.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FABEE90B-14C3-4147-BBDA-6E1186452174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9263D-673F-40A4-8D40-56DE5AD63B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52BE5478-4021-42D4-B101-A572AAE17DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2233DADC-4FBB-4459-AD8D-B15636DC5970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72CC13EF-7061-4833-A079-EAB70A32F64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4A14A1-1D14-4CE8-9198-80C1772A8AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D2B3E1-973D-46ED-ADE4-BECE0CAFD678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8261E351-8CB2-4BCB-AB75-9FDD96DC2BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iojs:io.js:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C236FE4E-1FF0-47E5-91F9-75ADD6C61498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCBBCD4-2142-44B7-B3ED-6D2A301F85C6",
"versionEndIncluding": "0.12.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence."
},
{
"lang": "es",
"value": "La funci\u00f3n de Utf8DecoderBase::WriteUtf16Slow en unicode.decoder.cc en Google V8, al igual que como se usa en Node.js anterior a 0.12.6, io.js anterior a 1.8.3 y 2.x antes de 2.3.3 y otros productos, no verifica que haya memoria disponible para un par surrogado UTF-16, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o la posibilidad de causar otro impacto a trav\u00e9s de una secuencia de bytes manipulada."
}
],
"id": "CVE-2015-5380",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-09T10:59:00.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75556"
},
{
"source": "cve@mitre.org",
"url": "https://codereview.chromium.org/1226493003"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/joyent/node/issues/25583"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.chromium.org/1226493003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/joyent/node/issues/25583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-20 02:15
Modified
2025-04-02 20:10
Severity ?
Summary
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.openwall.com/lists/oss-security/2024/03/11/1 | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/2233486 | Issue Tracking | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20240315-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/11/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/2233486 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240315-0004/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "ED0E725B-F218-44C4-BAFA-05E831D9ED68",
"versionEndExcluding": "18.19.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "EB510747-739C-4654-86E1-337962640D6E",
"versionEndExcluding": "20.11.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "47D50080-1F46-4A8C-B766-971F7FBCA5C1",
"versionEndExcluding": "21.6.2",
"versionStartIncluding": "21.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits."
},
{
"lang": "es",
"value": "Una vulnerabilidad en los servidores HTTP de Node.js permite a un atacante enviar una solicitud HTTP especialmente manipulada con codificaci\u00f3n fragmentada, lo que provoca el agotamiento de los recursos y la denegaci\u00f3n de servicio (DoS). El servidor lee una cantidad ilimitada de bytes de una \u00fanica conexi\u00f3n, aprovechando la falta de limitaciones en los bytes de extensi\u00f3n de fragmentos. El problema puede provocar el agotamiento del ancho de banda de la CPU y de la red, pasando por alto salvaguardas est\u00e1ndar como tiempos de espera y l\u00edmites de tama\u00f1o corporal."
}
],
"id": "CVE-2024-22019",
"lastModified": "2025-04-02T20:10:16.543",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T02:15:50.983",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2233486"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://hackerone.com/reports/2233486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0004/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-28 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2019:1821 | Third Party Advisory | |
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch, Vendor Advisory | |
| cve-request@iojs.org | https://security.gentoo.org/glsa/202003-48 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1821 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-48 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| suse | suse_enterprise_storage | 4 | |
| suse | suse_linux_enterprise_server | 12 | |
| suse | suse_linux_enterprise_server | 15 | |
| suse | suse_openstack_cloud | 7 | |
| suse | suse_openstack_cloud | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2DEF4845-F577-4B12-AA48-39F0830B128E",
"versionEndExcluding": "6.15.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "7E79DFA7-55F8-453A-83E9-1C790902FCB8",
"versionEndExcluding": "8.14.0",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:suse_enterprise_storage:4:*:*:*:*:*:*:*",
"matchCriteriaId": "30A38AC5-A8B9-4244-8093-40C77ADFF5F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*",
"matchCriteriaId": "AF73A3D9-6566-4CBF-AA5F-5A4B99719A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_openstack_cloud:7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B73BE9-4340-4A6B-89FE-A40FC4A10187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C659D0-D6DB-4313-9208-C0C49FECD290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server."
},
{
"lang": "es",
"value": "Node.js: Todas las versiones anteriores a la 6.15.0 y 8.14.0: separaci\u00f3n de petici\u00f3n HTTP. Si se puede convencer a Node.js para que emplee datos Unicode no saneados proporcionados por el usuario para la opci\u00f3n \"path\" de una petici\u00f3n HTTP, los datos pueden proporcionarse para desencadenar una segunda petici\u00f3n HTTP no esperada y definida por el usuario para el mismo servidor."
}
],
"id": "CVE-2018-12116",
"lastModified": "2024-11-21T03:44:37.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-28T17:29:00.230",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-48"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-115"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335E67A2-8ED1-4E9C-B63A-0B4F4F963A94",
"versionEndExcluding": "1.2.9",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "6833701E-5510-4180-9523-9CFD318DEE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
"matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
"matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
"matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
"matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
"matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
"matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F370B9CC-03AA-436B-AF81-1FD48F33BAEB",
"versionEndIncluding": "5.5.61",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2BAC98-4BC4-44EB-AE09-826BD21D5E3D",
"versionEndIncluding": "5.6.41",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76702038-5D38-450F-BA25-FED83FBE758B",
"versionEndIncluding": "5.7.23",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106FA614-55B8-4D90-B654-47EE199E7CC1",
"versionEndIncluding": "8.0.12",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F72F611A-26E5-4CC7-888E-96AD158D7C68",
"versionEndExcluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66F7B69D-5362-4E15-9FFE-8F3E87738920",
"versionEndExcluding": "10.13.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11895153-2FE5-4D73-B7FC-182FA280BA36",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49790D15-2446-4138-B1FA-6C806587C5A1",
"versionEndExcluding": "4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87F0098-C8A6-4815-A14C-19B49A508FF3",
"versionEndExcluding": "5.5.62",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C38B1059-586F-4930-8F86-52A7B19AB54F",
"versionEndExcluding": "10.0.37",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC91A04-1CD8-4863-874E-C9B3C4922998",
"versionEndExcluding": "10.1.37",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8451F87D-FA6E-403E-8865-CE6DE7F3FE62",
"versionEndExcluding": "10.2.19",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD53EB8-46EF-49F4-9C75-610A3B466203",
"versionEndExcluding": "10.3.11",
"versionStartIncluding": "10.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BCA5DE0E-A10C-42A1-BFE3-1FED2C3171AB",
"versionEndExcluding": "4.8.2",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "ED1F2BAC-47F9-49C9-93FE-20EDD46CDF86",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7F49B5A3-6516-46A2-884B-4D6657C188AE",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation."
},
{
"lang": "es",
"value": "La funci\u00f3n crc32_big en crc32.c in zlib 1.2.8 podr\u00eda permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican c\u00e1lculos CRC big-endian."
}
],
"id": "CVE-2016-9843",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:01.900",
"references": [
{
"source": "security@opentext.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"source": "security@opentext.com",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"source": "security@opentext.com",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"source": "security@opentext.com",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"source": "security@opentext.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "security@opentext.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@opentext.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"source": "security@opentext.com",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "security@opentext.com",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"source": "security@opentext.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"source": "security@opentext.com",
"url": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"source": "security@opentext.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"source": "security@opentext.com",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"source": "security@opentext.com",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"source": "security@opentext.com",
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"source": "security@opentext.com",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208112"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208113"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208115"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208144"
},
{
"source": "security@opentext.com",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"source": "security@opentext.com",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"source": "security@opentext.com",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"source": "security@opentext.com",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"source": "security@opentext.com",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-04 19:29
Modified
2024-11-21 03:15
Severity ?
Summary
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://cwe.mitre.org/data/definitions/377.html | Third Party Advisory | |
| support@hackerone.com | https://github.com/gvarsanyi/sync-exec/issues/17 | Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://nodesecurity.io/advisories/310 | Third Party Advisory | |
| support@hackerone.com | https://www.owasp.org/index.php/Insecure_Temporary_File | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/377.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gvarsanyi/sync-exec/issues/17 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/310 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.owasp.org/index.php/Insecure_Temporary_File | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sync-exec_project | sync-exec | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sync-exec_project:sync-exec:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "EFF1F70B-F9DC-479F-91BB-379EC093C7E9",
"versionEndIncluding": "0.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2709829F-CB8C-40A5-A703-FBB404507CD7",
"versionEndExcluding": "0.11.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sync-exec module is used to simulate child_process.execSync in node versions \u003c0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists."
},
{
"lang": "es",
"value": "El m\u00f3dulo sync-exec se emplea para simular child_process.execSync en la versiones de node anteriores a la 0.11.9. Sync-exec emplea directorios tmp como b\u00fafer antes de devolver valores. Otros usuarios en el servidor tienen acceso de lectura al directorio tmp, lo que podr\u00eda permitir que un atacante en el servidor obtenga informaci\u00f3n confidencial del archivo tmp/del b\u00fafer mientras existe."
}
],
"id": "CVE-2017-16024",
"lastModified": "2024-11-21T03:15:41.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-04T19:29:01.427",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/377.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/gvarsanyi/sync-exec/issues/17"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/310"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.owasp.org/index.php/Insecure_Temporary_File"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/gvarsanyi/sync-exec/issues/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.owasp.org/index.php/Insecure_Temporary_File"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-377"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-24 22:15
Modified
2024-11-21 05:38
Severity ?
Summary
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | banking_extensibility_workbench | 14.3.0 | |
| oracle | banking_extensibility_workbench | 14.4.0 | |
| oracle | blockchain_platform | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | retail_xstore_point_of_service | 16.0.6 | |
| oracle | retail_xstore_point_of_service | 17.0.4 | |
| oracle | retail_xstore_point_of_service | 18.0.3 | |
| oracle | retail_xstore_point_of_service | 19.0.2 | |
| oracle | retail_xstore_point_of_service | 20.0.1 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "53504DFB-0FB6-4A98-ACF5-4FF44E8B856A",
"versionEndExcluding": "10.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D8149925-4E4A-4FB2-B71C-26D0C684618F",
"versionEndExcluding": "12.18.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7299545B-A443-4DBC-BA18-3F55BB2FE8FB",
"versionEndExcluding": "14.4.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57039D-E2EE-4014-A7B1-D7380D26098E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69D21CF6-A2D7-403B-9A22-66A892C0F57D",
"versionEndIncluding": "7.3.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "156E63C9-9834-4120-A245-CF1AF6BEC040",
"versionEndIncluding": "7.4.29",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6111894E-B3C9-41F1-8106-6BA16980A146",
"versionEndIncluding": "7.5.19",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C69D247E-D8A3-4834-9240-7EACCA0F63BA",
"versionEndIncluding": "7.6.15",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B86B2E-D69E-4E1E-BCD5-8B3B9573626C",
"versionEndIncluding": "8.0.21",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "napi_get_value_string_*() allows various kinds of memory corruption in node \u003c 10.21.0, 12.18.0, and \u003c 14.4.0."
},
{
"lang": "es",
"value": "La funci\u00f3n napi_get_value_string_*(), permite varios tipos de corrupci\u00f3n de memoria en node versiones anteriores a 10.21.0, 12.18.0 y versiones anteriores a 14.4.0"
}
],
"id": "CVE-2020-8174",
"lastModified": "2024-11-21T05:38:26.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-24T22:15:12.280",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/784186"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201023-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/784186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201023-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-07 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2E637C-EA49-4DB6-B4D5-B4684A9549C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1966CED-11A1-4328-A57E-308BE5E4CCD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F46AD2-BB74-4391-8A4F-7BE49EF41F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC36E36A-9592-49DA-AACE-B3638FC55F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98E9F42-08BC-49B5-90C8-AC3EA7960C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA37EF5-DF97-467B-9A56-1611345387FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0BD0C1-2294-4AFB-B4AE-C81576FB9AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4057D560-81EE-49ED-888C-89560DBE3348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F87810E1-BDAD-455D-82E3-334CC102AB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC00B3A-3C9D-4487-9686-775CBAA1CC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0A4F5B-4546-414C-A209-07C27ED1C944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2515087F-B272-4B76-99F4-ACA0C2460046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7016DE-A3A5-450B-9FBD-2C98A07FF3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1848A7-E68E-4CB4-B73C-C5200ABAC9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "59F861AB-574A-41BF-8E2D-6440B35C2AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "41C8CEF8-49E1-4CB0-837B-E85C76BF9DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7101A5-FDC9-4897-B8E8-6A07790D42A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*",
"matchCriteriaId": "F7776F01-29AC-4161-9C91-C7392C6A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CADD766-8328-4669-BE66-A4757D5FB471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9792E9-2593-46B4-9633-E2F2DB11106B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "FF209248-8921-419A-86EB-30E7095E4514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0D6C34-E046-40BD-907D-0E2510C09A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CBB83F-19AD-44BD-B7D4-19C1A8F80011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E2EA97-156D-4870-8967-78E4ED6EF64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "54961BCA-8730-4B40-8385-41F6D65797F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B22FA598-E613-4652-92CD-237F749D13DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F321AF-FCC7-456D-AFE2-2CEF9CBAFCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "18F2EC65-2A47-4C45-8D58-63D18443B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D0517A28-70F9-4947-BEF0-9CC645388BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DD5BBD-922E-4026-9DEC-98CF9411CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*",
"matchCriteriaId": "63E078BA-8BDC-47EB-84B9-09B785FD1213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9971A7-1C18-43C0-97BC-27096609EFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5107B-4347-4D43-ADA6-141527A40333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0C679CFA-50D4-430B-B372-113CE236EACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AA6FEE-C630-4545-BCCF-3C211461C6C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*",
"matchCriteriaId": "682E8A32-1F1E-4427-BAD8-58596F85F170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*",
"matchCriteriaId": "C9827EF0-E340-4A75-9735-F20CDF09CA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C02C09-D738-45B1-BF6F-A4499E5F8D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EE85CACC-842F-46C7-966D-48E866055A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*",
"matchCriteriaId": "771BCA5F-B762-4569-AB46-08A13A4EFD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*",
"matchCriteriaId": "21E05024-3647-456D-A731-D19411FED2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "89929EB1-D723-496B-A7C6-4B4CD9C176B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*",
"matchCriteriaId": "D3EA4652-EF0E-414C-AEB8-AEFE788B66A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9002F9-87C4-4C7F-9BD9-430EB15CD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EF734D-9E6B-4E01-9AFE-C0B847D583A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12606C39-6F39-4DDF-9B36-A160875B265F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4D8789-33C3-498A-857D-CC6576732C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "466E8851-6BE7-4716-AB16-3E985411C35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C4DB21-F35A-4567-8B04-85DB3089CDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E7436-117A-4F79-BA7A-2A0059BB9694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "037511C2-3FA9-4A4C-996B-A1462C221DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "65EEB1B9-2E75-46F4-B70C-94991D38B427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5C5750-10F3-45D7-AC9B-7EA06F4B3887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5364365-36F1-49C0-BF8D-2D5054BC7B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8FD4B3-D515-486A-94A3-29CBDA2E25CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55E18631-9502-42CC-A85A-EA5742FDC317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCBC213-1524-4C88-9EB3-52E003070A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C928FB55-2F33-4458-8484-4010AE8883A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F811E8BB-F1C8-43BE-BEAD-FC4FE122ABEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDE8D29-7C15-44D1-8D5C-0E438D9DE029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCA3C10-FB37-4256-812A-EB8A3A095E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54197CC5-9C7D-4DCE-A60F-625DE246E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6173A6E4-F472-46CF-9762-6F3CAAFD9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C25A52-E3C0-4429-AB96-1E33523E51D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
},
{
"lang": "es",
"value": "Node.js 0.10.x en versiones anteriores a 0.10.42, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos llevar a cabo ataques de contrabando de peticiones HTTP a trav\u00e9s de una cabecera Content-Length HTTP."
}
],
"id": "CVE-2016-2086",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T21:59:01.900",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/83282"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201612-43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201612-43"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-10 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/101260 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1268791 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/nodejs/node/issues/3138 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101260 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1268791 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nodejs/node/issues/3138 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Node.js 4.0.0, 4.1.0 y 4.1.1 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2015-7384",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-10T16:29:00.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101260"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268791"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nodejs/node/issues/3138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nodejs/node/issues/3138"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-17 14:29
Modified
2024-11-21 04:11
Severity ?
Summary
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CC30BAD0-79DE-4FE9-982D-7252E668442F",
"versionEndExcluding": "4.9.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6855CC9-21A0-4C1B-8C27-A15FA0D7244F",
"versionEndExcluding": "6.14.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620",
"versionEndExcluding": "8.11.0",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8FC117F5-0B41-49F5-83DF-B830DEE95404",
"versionEndExcluding": "9.10.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete."
},
{
"lang": "es",
"value": "El analizador HTTP en todas las versiones actuales de Node.js ignora los espacios en la cabecera \"Content-Length\", permitiendo que entradas como `Content-Length: 1 2\" se interpreten con un valor de \"12\". La especificaci\u00f3n HTTP no permite los espacios en el valor \"Content-Length\" y se ha destacado el analizador HTTP de Node.js con respecto a esta diferencia en concreto. El riesgo de seguridad de este error para los usuarios de Node.js se considera MUY BAJO, ya que es dif\u00edcil (y tal vez imposible) manipular un ataque que haga uso de este error de forma que no se pueda lograr ya proporcionando un valor incorrecto para \"Content-Length\". Podr\u00edan existir vulnerabilidades en el c\u00f3digo de usuario que realizan asunciones incorrectas sobre la precisi\u00f3n potencial de este valor comparado con la longitud total de los datos proporcionados. Se recomienda que los usuarios de Node.js que manipulan utilidades HTTP de bajo nivel vuelvan a comprobar la longitud de cualquier entrada proporcionada una vez se ha completado el an\u00e1lisis."
}
],
"id": "CVE-2018-7159",
"lastModified": "2024-11-21T04:11:41.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-17T14:29:00.653",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2258"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"url": "https://support.f5.com/csp/article/K27228191?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K27228191?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-115"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFD93B-693D-46DC-9C39-FDECB3E619E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8519121-8EA3-4851-A824-13921232DB02",
"versionEndIncluding": "5.6.30",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E576DEB-1E39-4582-BFAA-E1D9F311242D",
"versionEndIncluding": "5.7.12",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39A901D6-0874-46A4-92A8-5F72C7A89E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "854A3AE0-E319-46F9-BDDF-425D967A5C82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "A491B32F-31F0-4151-AE9B-313CBF2C060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBD1B3E-644C-42B4-A556-7A4C58D219D6",
"versionEndExcluding": "0.10.45",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E35B5D6-6D7B-4D04-A8E4-88C4C47270AE",
"versionEndExcluding": "0.12.14",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA51558F-F55C-48B3-870B-6D1225998AB3",
"versionEndExcluding": "4.4.4",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29D607F1-B2A0-49FE-B9F3-B1C94A59104B",
"versionEndExcluding": "5.11.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "BD30B503-CD0A-4CCF-A346-AF5F4BD379FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de una gran cantidad de datos binarios."
}
],
"id": "CVE-2016-2105",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-05T01:59:01.200",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/89757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/89757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-18"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-11 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3818E441-8DC4-42E6-8D11-E58D195CBE8A",
"versionEndExcluding": "4.8.7",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BEA03114-7288-4E7C-9220-C0ABCD5F0389",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "C45E9D50-CD3D-480B-B9B8-451ADFF26505",
"versionEndExcluding": "8.9.3",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "82FDBB10-3298-4C9A-9CC0-D34643AEC868",
"versionEndExcluding": "9.2.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption."
},
{
"lang": "es",
"value": "Node.js se ha visto afectado por una vulnerabilidad de OpenSSL (CVE-2017-3737) en relaci\u00f3n con el uso de SSL_read() debido a un error en la negociaci\u00f3n TLS. El resultado era que un atacante de una red activa podr\u00eda enviar datos de la aplicaci\u00f3n a Node.js empleando los m\u00f3dulos TLS o HTTP2 de forma que omitan la autenticaci\u00f3n y codificaci\u00f3n TLS."
}
],
"id": "CVE-2017-15896",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-11T21:29:00.517",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-18 04:15
Modified
2024-11-21 08:15
Severity ?
Summary
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.
This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6BD3775B-9921-452D-ACF2-626A96B781F0",
"versionEndExcluding": "20.8.0",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\r\n\r\nThis is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Varias funciones `node:fs` permiten especificar rutas como cadenas u objetos `Uint8Array`. En entornos Node.js, la clase `Buffer` extiende la clase `Uint8Array`. Node.js evita el path traversal a trav\u00e9s de cadenas (ver CVE-2023-30584) y objetos `Buffer` (ver CVE-2023-32004), pero no a trav\u00e9s de objetos `Uint8Array` que no son `Buffer`. Esto es distinto de CVE-2023-32004, que solo se refer\u00eda a objetos \"Buffer\". Sin embargo, la vulnerabilidad sigue el mismo patr\u00f3n al usar \"Uint8Array\" en lugar de \"Buffer\". Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-39332",
"lastModified": "2024-11-21T08:15:10.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-18T04:15:11.330",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2199818"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2199818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85A84D-A70F-4B02-9E5D-CD9660ABF048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E939A0E0-3437-459E-9FAB-FE42811B1D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99C12BA5-2D81-4973-824E-2BDDA70F2485",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "591EA641-C103-4575-97D5-15D41B20E581",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F3F4FD-8BB9-468D-B50F-B25B17AF0F3A",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63529AEA-8B74-4CA1-BADF-14514D243DC5",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D87CCF-ED81-4B69-9D02-D5B79082E0FF",
"versionEndExcluding": "14.1.2.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5485F6ED-F324-4124-9116-79E70909C5F7",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a una inundaci\u00f3n de reinicio, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante abre una serie de secuencias y env\u00eda una solicitud no v\u00e1lida sobre cada secuencia que deber\u00eda solicitar una secuencia de tramas RST_STREAM del par. Dependiendo de c\u00f3mo el igual pone en cola las tramas RST_STREAM, esto puede consumir un exceso de memoria, CPU o ambos."
}
],
"id": "CVE-2019-9514",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.443",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K01988340"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K01988340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-16 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.1q | |
| openssl | openssl | 1.0.1r | |
| openssl | openssl | 1.0.1s | |
| openssl | openssl | 1.0.1t | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2g | |
| openssl | openssl | 1.0.2h |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA619F9-88D2-4FF6-BCC4-320A2C332E8E",
"versionEndExcluding": "0.12.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC51255-7A8E-45C1-95F9-FC8A15500188",
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A373B08-DC13-4524-9A9C-989684868C80",
"versionEndExcluding": "6.6.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "A491B32F-31F0-4151-AE9B-313CBF2C060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF4953B-BB23-4C80-8C48-9E94EB234AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n MDC2_Update en crypto/mdc2/mdc2dgst.c en OpenSSL en versiones anteriores a 1.1.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites y ca\u00edda de aplicaci\u00f3n) o tener otro posible impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-6303",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-16T05:59:13.363",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92984"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-18 04:15
Modified
2024-11-21 08:13
Severity ?
Summary
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.
Impacts:
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.
Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BFC09F-B97D-4C45-939A-6EB3B1F41850",
"versionEndIncluding": "18.18.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30646F94-FCFC-4E0C-A791-CDAF1FB0498A",
"versionEndIncluding": "20.8.0",
"versionStartIncluding": "20.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Cuando la funci\u00f3n de pol\u00edtica de Node.js verifica la integridad de un recurso con un manifiesto confiable, la aplicaci\u00f3n puede interceptar la operaci\u00f3n y devolver una suma de verificaci\u00f3n falsificada a la implementaci\u00f3n de la pol\u00edtica del nodo, deshabilitando as\u00ed efectivamente la verificaci\u00f3n de integridad. Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de versiones activas: 18.x y 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el mecanismo de pol\u00edtica era una caracter\u00edstica experimental de Node.js."
}
],
"id": "CVE-2023-38552",
"lastModified": "2024-11-21T08:13:48.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-18T04:15:11.200",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2094235"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/2094235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0013/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-03 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| c-ares | c-ares | 1.0.0 | |
| c-ares | c-ares | 1.1.0 | |
| c-ares | c-ares | 1.2.0 | |
| c-ares | c-ares | 1.2.1 | |
| c-ares | c-ares | 1.3.0 | |
| c-ares | c-ares | 1.3.1 | |
| c-ares | c-ares | 1.3.2 | |
| c-ares | c-ares | 1.4.0 | |
| c-ares | c-ares | 1.5.0 | |
| c-ares | c-ares | 1.5.1 | |
| c-ares | c-ares | 1.5.2 | |
| c-ares | c-ares | 1.5.3 | |
| c-ares | c-ares | 1.6.0 | |
| c-ares | c-ares | 1.7.0 | |
| c-ares | c-ares | 1.7.1 | |
| c-ares | c-ares | 1.7.2 | |
| c-ares | c-ares | 1.7.3 | |
| c-ares | c-ares | 1.7.4 | |
| c-ares | c-ares | 1.7.5 | |
| c-ares | c-ares | 1.8.0 | |
| c-ares | c-ares | 1.9.0 | |
| c-ares | c-ares | 1.9.1 | |
| c-ares | c-ares | 1.10.0 | |
| c-ares_project | c-ares | 1.11.0 | |
| debian | debian_linux | 8.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 16.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1290A1CC-6506-4D8A-A4A6-055A38D57547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB2A771-24BE-4FB5-87E9-25C385848AAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE64E1CB-185E-481B-BC81-C28D216ED470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "530ACB4D-6981-4B39-857E-CBB07EB0CA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B33501E-65BA-45BB-860D-39FA94D010A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA3F962-8659-444F-BB08-6CBED2661C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "644E7D14-54E1-4F7E-A640-514A88E03D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E515118-8774-4C7F-8261-305910EF643F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C473F9-81E3-4555-8469-63A27DEDEDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19E695E5-93F5-49FD-AB58-D53169E1AB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B168912-2129-4833-B448-BC7616355885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47AD1736-F47B-4A93-9D59-C88BE0D10FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4D5F27-A8F0-41B4-9832-4F9830F96B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "340C5CF0-AC09-4C17-9F15-6B0BEAC62629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44895917-6186-477B-9B72-AA7B20B3E3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA26B2AA-395B-4D6C-8260-569E54751532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "800D4E24-7E7A-4316-86F1-B8150DAE540C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3710921E-94D4-4D9E-BD45-86E23ECE8C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8883FA5A-CC60-4275-9C3B-31A7FBD2A073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BDB0FC-AA36-4C41-B3DC-201F0DE0191A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B38F8E2-7710-4303-A80F-9009619BEC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1637EF-3393-4770-91AE-89EA53D57830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93FA2559-0DB1-49BE-A6E6-C73408F4AB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F4F4BD-4316-4CB2-8FCE-9EE5C59E64EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C73D7118-BF5A-4651-88A3-5BD1F91073C0",
"versionEndExcluding": "0.10.48",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E18583B6-328E-4EC2-9CC2-E13B1EFA8576",
"versionEndExcluding": "0.12.17",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E42AB86-763E-4ACE-83ED-E0ECA7E3BCC2",
"versionEndExcluding": "4.6.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n ares_create_query en c-ares 1.x en versiones anteriores a 1.12.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un nombre de host con puntos finales de fuga."
}
],
"id": "CVE-2016-5180",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-03T15:59:03.270",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3682"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/93243"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.ubuntu.com/usn/USN-3143-1"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://c-ares.haxx.se/CVE-2016-5180.patch"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://c-ares.haxx.se/adv_20160929.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201701-28"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3143-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://c-ares.haxx.se/CVE-2016-5180.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://c-ares.haxx.se/adv_20160929.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-19 01:15
Modified
2024-11-21 05:38
Severity ?
Summary
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| oracle | blockchain_platform | * | |
| oracle | graalvm | 19.3.4 | |
| oracle | graalvm | 20.3.0 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | mysql_cluster | * | |
| oracle | retail_xstore_point_of_service | 16.0.6 | |
| oracle | retail_xstore_point_of_service | 17.0.4 | |
| oracle | retail_xstore_point_of_service | 18.0.3 | |
| oracle | retail_xstore_point_of_service | 19.0.2 | |
| c-ares_project | c-ares | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "993C60FB-8308-4AFC-8394-95D8A976093A",
"versionEndExcluding": "12.19.1",
"versionStartIncluding": "12.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "0452B6AC-1392-47E6-A0AE-0B44B59BEBDF",
"versionEndExcluding": "14.15.1",
"versionStartIncluding": "14.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BC7DAB03-EAA2-46E2-AE08-F5DBB8923C60",
"versionEndExcluding": "15.2.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "937F66F5-F5BA-4156-82E0-EB2C99ABD41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BC0F8B31-F93B-40B6-9C06-A3996DC63829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6757B2A9-0311-43DE-A057-F014767E0444",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CA5F77-8F82-4973-92E5-CE914FBCC774",
"versionEndExcluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions \u003c 15.2.1, \u003c 14.15.1, and \u003c 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1."
},
{
"lang": "es",
"value": "Una aplicaci\u00f3n Node.js que permite a un atacante desencadenar una petici\u00f3n DNS para un host de su elecci\u00f3n podr\u00eda desencadenar una Denegaci\u00f3n de servicio en las versiones anteriores a 15.2.1, versiones anteriores a 14.15.1 y versiones anteriores a 12.19.1 al conseguir que la aplicaci\u00f3n resuelva un Registro DNS con un mayor n\u00famero de respuestas.\u0026#xa0;Esto es corregido en versiones 15.2.1, 14.15.1 y 12.19.1"
}
],
"id": "CVE-2020-8277",
"lastModified": "2024-11-21T05:38:38.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-19T01:15:12.763",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1033107"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-11"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1033107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://nodesecurity.io/advisories/41 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/41 | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED42FEC-D762-4D28-8D6B-56DE5CFD9AA6",
"versionEndIncluding": "1.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings."
},
{
"lang": "es",
"value": "El m\u00f3dulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de cadenas prohibidas anidadas."
}
],
"id": "CVE-2013-7454",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/41"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-13 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | swiftnio | * | |
| apple | mac_os_x | * | |
| canonical | ubuntu_linux | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 30 | |
| synology | skynas | - | |
| synology | diskstation_manager | 6.2 | |
| synology | vs960hd_firmware | - | |
| synology | vs960hd | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 32 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| redhat | jboss_core_services | 1.0 | |
| redhat | jboss_enterprise_application_platform | 7.2.0 | |
| redhat | jboss_enterprise_application_platform | 7.3.0 | |
| redhat | openshift_service_mesh | 1.0 | |
| redhat | quay | 3.0.0 | |
| redhat | software_collections | 1.0 | |
| redhat | enterprise_linux | 8.0 | |
| oracle | graalvm | 19.2.0 | |
| mcafee | web_gateway | * | |
| mcafee | web_gateway | * | |
| mcafee | web_gateway | * | |
| f5 | nginx | * | |
| f5 | nginx | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
"versionEndExcluding": "7.7.2.24",
"versionStartIncluding": "7.7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E",
"versionEndExcluding": "7.8.2.13",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04",
"versionEndExcluding": "8.2.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68DD813A-1BC4-45FB-A3C4-E1BCE5F82EC1",
"versionEndExcluding": "1.16.1",
"versionStartIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1705D3-ABAB-477E-9572-7D4DBAB4E38B",
"versionEndIncluding": "1.17.2",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F881316C-7511-420C-A48B-CE7712D567CD",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "8CAE0BA6-142B-40D8-805F-6CFF8572C43D",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a una fuga de encabezado, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante env\u00eda una secuencia de encabezados con un nombre de encabezado de longitud 0 y un valor de encabezado de longitud 0, opcionalmente Huffman codificado en encabezados de 1 byte o m\u00e1s. Algunas implementaciones asignan memoria para estos encabezados y mantienen viva la asignaci\u00f3n hasta que la sesi\u00f3n muere. Esto puede consumir un exceso de memoria."
}
],
"id": "CVE-2019-9516",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.583",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2946"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2950"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39A901D6-0874-46A4-92A8-5F72C7A89E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F608A0-78BE-4F17-9E41-70933E52B3C7",
"versionEndIncluding": "1.0.1s",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D566AF-D1DE-4EAD-B881-DC40D1DE780C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81BED703-422A-4937-8BF0-F83C248188F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A241BABC-E6A8-43B1-BED6-77FC38E337BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE8AEFE-C74B-4E24-8EBA-35207DE756E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBD1B3E-644C-42B4-A556-7A4C58D219D6",
"versionEndExcluding": "0.10.45",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E35B5D6-6D7B-4D04-A8E4-88C4C47270AE",
"versionEndExcluding": "0.12.14",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA51558F-F55C-48B3-870B-6D1225998AB3",
"versionEndExcluding": "4.4.4",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D8D63E80-A861-4393-A868-9845F521CD04",
"versionEndExcluding": "5.11.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53CB0E-3FBA-4796-BC81-6003A7DC29DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignaci\u00f3n de memoria durante una comprobaci\u00f3n de relleno determinada, lo que permite a atacantes remotos obtener informaci\u00f3n de texto claro sensible a trav\u00e9s de un ataque de padding-oracle contra una sesi\u00f3n AES CBC . NOTA: esta vulnerabilidad existe debido a una correcci\u00f3n incorrecta para CVE-2013-0169."
}
],
"id": "CVE-2016-2107",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-05T01:59:03.200",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/89760"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/39768/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/89760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/39768/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-18"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "3CB8E8E0-24CC-417B-96D7-AF53B2296661",
"versionEndExcluding": "12.18.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA70BBF0-BD24-4786-A705-48F26FF4B34B",
"versionEndExcluding": "14.11.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js \u003c 12.18.4 and \u003c 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 12.18.4 y versiones anteriores a 14.11, pueden ser explotado para llevar a cabo ataques de desincronizaci\u00f3n HTTP y entregar cargas \u00fatiles maliciosas a usuarios desprevenidos.\u0026#xa0;Las cargas \u00fatiles pueden ser dise\u00f1adas por un atacante para secuestrar sesiones de usuario, envenenar cookies, llevar a cabo secuestro del click y una multitud de otros ataques dependiendo de la arquitectura del sistema subyacente.\u0026#xa0;El ataque fue posible debido a un error en el procesamiento de los s\u00edmbolos carrier-return en los nombres de encabezado HTTP"
}
],
"id": "CVE-2020-8201",
"lastModified": "2024-11-21T05:38:29.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-18T21:15:12.903",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/922597"
},
{
"source": "support@hackerone.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/922597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0004/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://nodesecurity.io/advisories/57 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/57 | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EAEFE4-41B6-4AFD-A858-190BC7C522C9",
"versionEndIncluding": "1.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive."
},
{
"lang": "es",
"value": "El paquete tar en versiones anteriores a 2.0.0 para Node.js permite a atacantes remotos ercribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo."
}
],
"id": "CVE-2015-8860",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:00.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://nodesecurity.io/advisories/57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-30 12:29
Modified
2024-11-21 03:38
Severity ?
Summary
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D942BAB1-862E-455A-AAB5-6E87FA891B92",
"versionEndIncluding": "1.0.2p",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5953EAB1-D0E8-48EA-B07D-3B828E6BB326",
"versionEndIncluding": "1.1.0i",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F69F3542-173D-4E0D-99BB-42FDD206D996",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2DEF4845-F577-4B12-AA48-39F0830B128E",
"versionEndExcluding": "6.15.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "7E79DFA7-55F8-453A-83E9-1C790902FCB8",
"versionEndExcluding": "8.14.0",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
"versionEndExcluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "541EAE2B-5446-46CE-BC91-13188EAD6092",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF1DFDA-FB66-4CEA-A658-B167326D1D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "913DA418-A144-48CF-85AB-75B64BFD16DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE38DB6-795A-479B-84A5-3DBA4A101F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E18AA832-DAC1-41D2-8A7C-2C41F06A2281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62B31BEE-88C3-431D-8356-AC28F325E76E",
"versionEndIncluding": "3.12.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4340D49A-E1F8-48B7-BA05-0338293B1A14",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08720A23-3B40-4394-8785-845EFEEFAA87",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFFE5D2-FB9A-45F9-9FBC-25A6DA9E189A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "092AD60D-99F2-4203-966A-3002E6D9C55B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "273EAFA7-81C4-41A6-B44A-95BA18D9DCB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA25D523-25C4-4EFD-A1BC-0BEEB0EEF8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DEE1C6-215C-47B5-A92D-E4627AD9D503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE3E82F-DCB6-4E1E-BA08-67C85384BBB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
},
{
"lang": "es",
"value": "Se ha demostrado que el algoritmo de firmas DSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral. Un atacante podr\u00eda emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1). Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.0.2q (afecta a 1.0.2-1.0.2p)."
}
],
"id": "CVE-2018-0734",
"lastModified": "2024-11-21T03:38:50.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-30T12:29:00.257",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105758"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20181030.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20181030.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-11 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "C45E9D50-CD3D-480B-B9B8-451ADFF26505",
"versionEndExcluding": "8.9.3",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "82FDBB10-3298-4C9A-9CC0-D34643AEC868",
"versionEndExcluding": "9.2.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, \u0027Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");\u0027 The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases."
},
{
"lang": "es",
"value": "Node.js ten\u00eda un bug en las versiones 8.X y 9.X que provocaba que los b\u00fafers no se inicializasen cuando la codificaci\u00f3n para el valor de relleno no coincid\u00eda con la codificaci\u00f3n especificada. Por ejemplo, \"Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");\" La implementaci\u00f3n del b\u00fafer se actualiz\u00f3 de tal forma que el b\u00fafer se inicializar\u00e1 con todo ceros en esos casos."
}
],
"id": "CVE-2017-15897",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-11T21:29:00.563",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335E67A2-8ED1-4E9C-B63A-0B4F4F963A94",
"versionEndExcluding": "1.2.9",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "6833701E-5510-4180-9523-9CFD318DEE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
"matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
"matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
"matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
"matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
"matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
"matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F370B9CC-03AA-436B-AF81-1FD48F33BAEB",
"versionEndIncluding": "5.5.61",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2BAC98-4BC4-44EB-AE09-826BD21D5E3D",
"versionEndIncluding": "5.6.41",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76702038-5D38-450F-BA25-FED83FBE758B",
"versionEndIncluding": "5.7.23",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106FA614-55B8-4D90-B654-47EE199E7CC1",
"versionEndIncluding": "8.0.12",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F72F611A-26E5-4CC7-888E-96AD158D7C68",
"versionEndExcluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66F7B69D-5362-4E15-9FFE-8F3E87738920",
"versionEndExcluding": "10.13.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11895153-2FE5-4D73-B7FC-182FA280BA36",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49790D15-2446-4138-B1FA-6C806587C5A1",
"versionEndExcluding": "4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*",
"matchCriteriaId": "76181AF5-D035-4372-AAD4-FDD37AC3C071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*",
"matchCriteriaId": "FE940E30-17B5-4973-A5CA-D3E714B153BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
"matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
"matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "345A90A9-6F29-4620-AA13-D54F9C6D2617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F48ACED-5496-4AF1-86AF-63AA4D7C3C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "D8236A99-A6FC-4C71-A506-55B48FCD3A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BCA5DE0E-A10C-42A1-BFE3-1FED2C3171AB",
"versionEndExcluding": "4.8.2",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "ED1F2BAC-47F9-49C9-93FE-20EDD46CDF86",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7F49B5A3-6516-46A2-884B-4D6657C188AE",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic."
},
{
"lang": "es",
"value": "inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritm\u00e9tica de puntero incorrecta.."
}
],
"id": "CVE-2016-9841",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:01.743",
"references": [
{
"source": "security@opentext.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"source": "security@opentext.com",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"source": "security@opentext.com",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"source": "security@opentext.com",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"source": "security@opentext.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "security@opentext.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@opentext.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"source": "security@opentext.com",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "security@opentext.com",
"url": "http://www.securitytracker.com/id/1039596"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"source": "security@opentext.com",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"source": "security@opentext.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346"
},
{
"source": "security@opentext.com",
"url": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb"
},
{
"source": "security@opentext.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"source": "security@opentext.com",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"source": "security@opentext.com",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"source": "security@opentext.com",
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"source": "security@opentext.com",
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208112"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208113"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208115"
},
{
"source": "security@opentext.com",
"url": "https://support.apple.com/HT208144"
},
{
"source": "security@opentext.com",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"source": "security@opentext.com",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"source": "security@opentext.com",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"source": "security@opentext.com",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"source": "security@opentext.com",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 19:15
Modified
2024-11-21 05:50
Severity ?
Summary
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| oracle | graalvm | 20.3.3 | |
| oracle | graalvm | 21.2.0 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | mysql_cluster | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| netapp | nextgen_api | - | |
| siemens | sinec_infrastructure_network_services | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "EACF78A5-3B04-44D7-AC0B-E47D91B6383B",
"versionEndExcluding": "12.22.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D7F361B8-E95A-4107-AED1-5933531ABCD2",
"versionEndExcluding": "14.17.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "59F5CA28-E970-48C4-A406-31667C47F61D",
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7137F32-D8B8-4D48-B465-CEB35B085CBE",
"versionEndIncluding": "9.2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BE3F5E-DBD8-4682-A262-CAEFC2D9221F",
"versionEndIncluding": "8.0.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE68D2F-B62A-413E-9C14-0797D9C9DD60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If the Node.js https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, no error was returned and connections to servers with an expired certificate would have been accepted."
},
{
"lang": "es",
"value": "Si la API https de Node.js, era usada incorrectamente y se pasaba \"undefined\" para el par\u00e1metro \"rejectUnauthorized\", no fue devuelto ning\u00fan error y se aceptaban las conexiones a servidores con un certificado caducado."
}
],
"id": "CVE-2021-22939",
"lastModified": "2024-11-21T05:50:58.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T19:15:13.897",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1278254"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
},
{
"source": "support@hackerone.com",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210917-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1278254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210917-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-01 00:15
Modified
2024-11-21 08:00
Severity ?
Summary
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1954535 | Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20230803-0008/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1954535 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230803-0008/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "220A3D52-0B69-438A-B042-F19694CC63F1",
"versionEndExcluding": "20.3.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process\u0027s stack memory to locate the permission model Permission::enabled_ in the host process\u0027s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
}
],
"id": "CVE-2023-30586",
"lastModified": "2024-11-21T08:00:28.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-01T00:15:10.247",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1954535"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1954535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0008/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 14:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| netapp | nextgen_api | - | |
| siemens | sinec_infrastructure_network_services | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "42AAE2E9-B563-4D85-AB10-22CD1E19E098",
"versionEndExcluding": "12.22.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CB6DE478-A795-49FF-9C2C-B74196CA772D",
"versionEndExcluding": "14.17.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "990584DA-E1DF-477D-9425-DA7A80209996",
"versionEndExcluding": "16.6.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE68D2F-B62A-413E-9C14-0797D9C9DD60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior."
},
{
"lang": "es",
"value": "Node.js versiones anteriores a 16.6.0, 14.17.4 y 12.22.4, es vulnerable a un ataque de uso de memoria previamente liberada donde un atacante podr\u00eda aprovechar una corrupci\u00f3n de memoria para cambiar el comportamiento del proceso"
}
],
"id": "CVE-2021-22930",
"lastModified": "2024-11-21T05:50:56.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T14:15:08.053",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1238162"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/"
},
{
"source": "support@hackerone.com",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211112-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1238162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211112-0002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C542B052-1935-4F37-8843-461401EACDCB",
"versionEndExcluding": "18.5.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad criptogr\u00e1fica en Node.js en linux en versiones 18.x anteriores a 18.40.0, que permit\u00eda una ruta por defecto para openssl.cnf que podr\u00eda ser accesible en algunas circunstancias para un usuario no administrador en lugar de /etc/ssl como era el caso en las versiones anteriores a la actualizaci\u00f3n a OpenSSL 3"
}
],
"id": "CVE-2022-32222",
"lastModified": "2024-11-21T07:05:57.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.437",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit"
],
"url": "https://hackerone.com/reports/1695596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://hackerone.com/reports/1695596"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zlib | zlib | * | |
| opensuse | leap | 42.1 | |
| opensuse | leap | 42.2 | |
| opensuse | opensuse | 13.2 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| oracle | database_server | 18c | |
| oracle | jdk | 1.6.0 | |
| oracle | jdk | 1.7.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jre | 1.6.0 | |
| oracle | jre | 1.7.0 | |
| oracle | jre | 1.8.0 | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| redhat | satellite | 5.8 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.4 | |
| redhat | enterprise_linux_eus | 7.5 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "018FE9CE-4D44-4A7D-90DB-A2B1953B5B7F",
"versionEndExcluding": "1.2.9",
"versionStartIncluding": "1.2.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "6833701E-5510-4180-9523-9CFD318DEE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
"matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
"matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
"matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
"matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
"matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
"matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F370B9CC-03AA-436B-AF81-1FD48F33BAEB",
"versionEndIncluding": "5.5.61",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2BAC98-4BC4-44EB-AE09-826BD21D5E3D",
"versionEndIncluding": "5.6.41",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76702038-5D38-450F-BA25-FED83FBE758B",
"versionEndIncluding": "5.7.23",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106FA614-55B8-4D90-B654-47EE199E7CC1",
"versionEndIncluding": "8.0.12",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F72F611A-26E5-4CC7-888E-96AD158D7C68",
"versionEndExcluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66F7B69D-5362-4E15-9FFE-8F3E87738920",
"versionEndExcluding": "10.13.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11895153-2FE5-4D73-B7FC-182FA280BA36",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49790D15-2446-4138-B1FA-6C806587C5A1",
"versionEndExcluding": "4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BCA5DE0E-A10C-42A1-BFE3-1FED2C3171AB",
"versionEndExcluding": "4.8.2",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "ED1F2BAC-47F9-49C9-93FE-20EDD46CDF86",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7F49B5A3-6516-46A2-884B-4D6657C188AE",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers."
},
{
"lang": "es",
"value": "La funci\u00f3n inflateMark en inflate.c en zlib 1.2.8 podr\u00eda permitir que los atacantes dependientes del contexto tener un impacto no especificado a trav\u00e9s de vectores que implican cambios a la izquierda de enteros negativos."
}
],
"id": "CVE-2016-9842",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:01.837",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"source": "security@opentext.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"source": "security@opentext.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"source": "security@opentext.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "security@opentext.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"source": "security@opentext.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"source": "security@opentext.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
},
{
"source": "security@opentext.com",
"tags": [
"Patch"
],
"url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
},
{
"source": "security@opentext.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"source": "security@opentext.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208112"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208113"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208115"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208144"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"source": "security@opentext.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| boost | boost | * | |
| zlib | zlib | * | |
| opensuse | leap | 42.1 | |
| opensuse | leap | 42.2 | |
| opensuse | opensuse | 13.2 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| oracle | database_server | 18c |