fkie_cve-2017-11499
Vulnerability from fkie_nvd
Published
2017-07-25 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5364365-36F1-49C0-BF8D-2D5054BC7B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8FD4B3-D515-486A-94A3-29CBDA2E25CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55E18631-9502-42CC-A85A-EA5742FDC317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCBC213-1524-4C88-9EB3-52E003070A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C928FB55-2F33-4458-8484-4010AE8883A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CEEFA5F-2B32-4CA0-84AD-E0ECA0F81078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4754B0A8-A7D7-41A1-BFE5-10D84E7CEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D132104E-163C-47EE-B247-578D64AC88D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E208FB1-A772-4002-BD56-3360BDDFEF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "14BE6C0B-E6EC-4CD2-912B-45DE9F94BA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "714EBE27-F0D0-4B2E-90E1-4C73DF7FAA81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE8859F-1EBE-4B9A-A5ED-7FA63D68C947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1249AA75-5676-4AFC-99B4-A59DC9BE1F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E875B302-1923-40AF-B956-A063714BBA9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10940F9C-6671-4C0D-89F9-6111A44FA74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F031F09-0AF1-4825-8C8C-AC5A65119E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "413C8F30-5B76-49D6-95C2-E62FC34911EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA03990-23A0-4D9E-A46C-39E4C214CDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89B156BD-1465-4758-A767-5D1377FD9B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AF4AFE-14E3-4264-84BB-45B9CDB6D363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39233953-4ADE-49D7-95E8-0199008375E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "002CF669-688A-40D3-9576-17ABFB17DE4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D6AF6A-5B1A-46DE-B03D-DDEB69B86F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F29C7E8C-8C0B-4B44-A178-5C31D9B1F3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5573D5-6792-472E-943C-582C104A9266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC50639-CD44-408B-98C2-20A6D71C454B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85C38CBB-154F-4842-B783-86DE1700A59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A52ABF-EAB6-4B14-8DF2-49E0D93F0737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F811E8BB-F1C8-43BE-BEAD-FC4FE122ABEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDE8D29-7C15-44D1-8D5C-0E438D9DE029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCA3C10-FB37-4256-812A-EB8A3A095E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54197CC5-9C7D-4DCE-A60F-625DE246E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6173A6E4-F472-46CF-9762-6F3CAAFD9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C25A52-E3C0-4429-AB96-1E33523E51D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "590070D6-198A-456E-A55D-D0B06DD3FF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46FCC5E2-1106-4153-B8C6-5E9594735529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56778D45-8B99-406D-BE97-034D3A29F32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C7E2F2-8C41-4F3B-848A-144DCA30FC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11778EAE-5DCD-4D4E-807B-FD3C0DC47BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C203335-0CB9-4B38-80C1-344607FFAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D70C084-6B75-401B-9F52-B3E2B5060FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D0381B-EECC-49E9-A43E-9877226FAFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5C5E18-2613-4851-953F-6773886A908F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2478B4BA-703D-45BD-9B59-713AEDEDB14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB33415-8446-43C6-9D1B-DF0D6BF8D0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53CB0E-3FBA-4796-BC81-6003A7DC29DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F3F415-CD69-4E19-A4F9-3673D2907932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "758E9981-966B-4BB5-8982-183683C76228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD05686C-E548-43CB-81C1-5AE3E3E5ECBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FAA74-207E-4E37-90F7-75202ED64E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F747352F-DFE4-45C3-9806-CBDC1E4A64E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E144BC9-0D69-4C9B-9AF0-D7730F1719EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA5976-2268-4FF3-BE6A-5680D45073E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E85F98DB-A43D-47C0-B271-0E25DCF0EA65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94E82A49-5897-43D4-8EF7-F743B8B909E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "083FA7D0-5707-4B87-955A-5C75E416715A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06A96BD0-0922-4E96-BE72-0FB39D6C139F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A8B882-F8A2-4D11-B9C9-F02227661BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02AA2065-D99B-4805-BD30-63CC42B07264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "612507E3-84F7-4343-8F8F-156BF96B1535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A053FD13-3912-45D3-BBFF-A29415675B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5406D0BF-7AA8-49A1-A712-A78D0E5A4AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80F53DBB-AE67-47DF-81AF-3E697D099EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E72FD09-9C0F-4685-83CE-A60823208169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B889EF50-8C17-48B1-8D79-BFBB69E0E808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A16A6C5-170F-48D2-A9B4-F64CCC436E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96903DD4-70B8-4F30-AE8D-B5BF4235EC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F99F1B8C-B2A2-46F0-A46B-543876382BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4E9F52-DAAA-4E7E-B37A-A8612DDF6717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33314D49-3EDD-458F-9DC6-71AC0C1BF2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6335D5-4A9B-425E-BEE2-F79BE4B07F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC03B878-CC9F-4E5B-98FF-89302D1A14C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85A26147-1A40-40BA-A31A-1D3E3C12B25A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF5735F-9BDC-4F99-8E5F-EE2BA0946B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "726FC696-439B-49FD-AD83-E8E0808A877E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6876765D-5936-49D2-ACCC-DFBAD2ADC7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "531E6D2A-80F5-4E61-9F94-20C52EF51C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89DB06D6-94B8-47B4-A63B-678866B6CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "127BC110-BCB3-4EF5-918B-487AA953DAD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD59683C-71B8-40B1-8F63-6C615D1F24C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46ABF6BA-B4EE-4E43-9D53-A088ED8B5C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70CF83FA-1E27-462D-9669-BCF4EA2B112C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BCAB616B-F595-4B96-960F-F0693BFE5AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF65EA06-835C-4CC6-92D4-B457C4EADD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53E256FD-DC14-4507-9070-32940032FE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7C28EC-2D0F-4146-A495-44B5C63571C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0ABD2F-2130-40BD-B008-095AB6A93BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "710CFCCF-7086-472E-90A9-ACE36A8F8AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E35B2D35-798E-4186-8C17-4AC717777668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC765BA6-CDB8-4C3B-9D23-64996F38027A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B35BB2AB-7E3E-450D-A135-A0A8020F0BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A710334-6ADA-4BF3-A4A8-F1EF1CC07674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup."
},
{
"lang": "es",
"value": "Node.js versi\u00f3n v4.0 hasta v4.8.3, todas las versiones de v5.x, versi\u00f3n v6.0 hasta v6.11.0, versi\u00f3n v7.0 hasta v7.10.0, y versi\u00f3n v8.0 hasta v8.1.3, fue susceptible a ataques DoS remotos de inundaci\u00f3n de hash ya que el seed HashTable fue constante en una versi\u00f3n dada de Node.js. Esto fue el resultado de la compilaci\u00f3n con instant\u00e1neas V8 habilitadas por defecto, lo que caus\u00f3 que el seed aleatorizado inicialmente se sobrescribiera en el arranque."
}
],
"id": "CVE-2017-11499",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-25T13:29:00.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99959"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2908"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3002"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…