Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-7162

Опубликовано: 12 июн. 2018
Источник: redhat
CVSS3: 7.5

Описание

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8nodejsNot affected
Red Hat Mobile Application Platform 4nodejsNot affected
Red Hat OpenShift Application RuntimesnodejsNot affected
Red Hat OpenShift Container Platform 3.10logging-auth-proxyNot affected
Red Hat OpenShift Container Platform 3.10logging-kibanaNot affected
Red Hat Software Collectionsrh-nodejs4-nodejsNot affected
Red Hat Software Collectionsrh-nodejs6-nodejsNot affected
Red Hat Software Collectionsrh-nodejs8-nodejsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1591018nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-7162

CVSS3: 7.5
ubuntu
больше 7 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

nvd логотип

CVE-2018-7162

CVSS3: 7.5
nvd
больше 7 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

msrc логотип

CVE-2018-7162

CVSS3: 7.5
msrc
больше 4 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

debian логотип

CVE-2018-7162

CVSS3: 7.5
debian
больше 7 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity i ...

github логотип

GHSA-h4wv-8vxr-jgjq

CVSS3: 7.5
github
больше 3 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

7.5 High

CVSS3