Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-7161

Опубликовано: 13 июн. 2018
Источник: nvd
CVSS3: 7.5
CVSS2: 7.8
EPSS Низкий

Описание

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 8.0.0 (включая) до 8.8.1 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 8.9.0 (включая) до 8.11.3 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 9.0.0 (включая) до 9.11.2 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 10.0.0 (включая) до 10.4.1 (исключая)

EPSS

Процентиль: 77%
0.01127
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2018-7161

CVSS3: 7.5
ubuntu
около 7 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

redhat логотип

CVE-2018-7161

CVSS3: 7.5
redhat
около 7 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

msrc логотип

CVE-2018-7161

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-7161

CVSS3: 7.5
debian
около 7 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ...

github логотип

GHSA-jfr7-p3h5-mh28

CVSS3: 7.5
github
около 3 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

EPSS

Процентиль: 77%
0.01127
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20