Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16137

Опубликовано: 05 сент. 2017
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Отчет

This issue affects the versions of rh-nodejs4-nodejs-debug, rh-nodejs6-nodejs-debug, and rh-nodejs8-nodejs-debug as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Virtualization 4.2 EUS includes a vulnerable version of nodejs-debug as a part of the ovirt-engine-api-explorer package. This package is removed in Red Hat Virtualization 4.3. Red Hat Quay includes the debug library as a dependency of karma-webpack. It is only used at build time, and not runtime so its impact is reduce to low in Red Hat Quay.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Mobile Application Platform 4rhmap45/fh-aaaNot affected
Red Hat Mobile Application Platform 4rhmap-fh-appstore-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-mbaas-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-messaging-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-metrics-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-ngui-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-scm-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-statsd-dockerNot affected
Red Hat Mobile Application Platform 4rhmap-fh-supercore-dockerNot affected
Red Hat OpenShift Enterprise 3nodejs-debugWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1500705nodejs-debug: Regular expression Denial of Service

EPSS

Процентиль: 27%
0.00097
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16137

CVSS3: 5.3
ubuntu
больше 7 лет назад

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

nvd логотип

CVE-2017-16137

CVSS3: 5.3
nvd
больше 7 лет назад

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

debian логотип

CVE-2017-16137

CVSS3: 5.3
debian
больше 7 лет назад

The debug module is vulnerable to regular expression denial of service ...

github логотип

GHSA-gxpj-cx7g-858c

CVSS3: 3.7
github
больше 7 лет назад

Regular Expression Denial of Service in debug

fstec логотип

BDU:2021-02886

CVSS3: 5.3
fstec
больше 4 лет назад

Уязвимость библиотеки debug прикладного программного обеспечения Аврора Центр, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%
0.00097
Низкий

5.3 Medium

CVSS3