Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-7164

Опубликовано: 12 июн. 2018
Источник: redhat
CVSS3: 7.5

Описание

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8nodejsNot affected
Red Hat OpenShift Application RuntimesnodejsNot affected
Red Hat OpenShift Container Platform 3.10logging-auth-proxyNot affected
Red Hat OpenShift Container Platform 3.10logging-kibanaNot affected
Red Hat Software Collectionsrh-nodejs4-nodejsNot affected
Red Hat Software Collectionsrh-nodejs6-nodejsNot affected
Red Hat Software Collectionsrh-nodejs8-nodejsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1591023nodejs: uncontrolled memory consumption when using the net.Socket as a stream

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-7164

CVSS3: 7.5
ubuntu
около 7 лет назад

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

nvd логотип

CVE-2018-7164

CVSS3: 7.5
nvd
около 7 лет назад

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

msrc логотип

CVE-2018-7164

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-7164

CVSS3: 7.5
debian
около 7 лет назад

Node.js versions 9.7.0 and later and 10.x are vulnerable and the sever ...

github логотип

GHSA-32gr-2v7q-xgqj

CVSS3: 7.5
github
около 3 лет назад

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

7.5 High

CVSS3