Description
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over an unencrypted network when querying crafted invalid domain names.
A remote memory exposure vulnerability was found in the Node.js dns-packet library. Buffers created with allocUnsafe are not always filled before the network packets are formed, so an attacker can potentially gain access to internal application memory over unencrypted networks when crafted invalid domain names are queried.
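The bug class described above, as an added sketch (not dns-packet's code; all function names are hypothetical, and the specific mismatch between size estimate and writer is an assumption chosen for illustration). A buffer is sized from the raw name, the writer skips empty labels, and the unwritten tail is sent as-is; the hardened form zero-fills and truncates to the bytes actually written.

```javascript
// Added illustration only; hypothetical names, not the library's implementation.

// Size estimate taken from the raw string: label bytes + first length byte + terminator.
function encodingLength(name) {
  return Buffer.byteLength(name) + 2;
}

// Writes length-prefixed labels and silently skips empty ones, so an invalid
// name such as "a..b" consumes fewer bytes than encodingLength() reserved.
function writeName(name, buf) {
  let offset = 0;
  for (const label of name.split('.')) {
    if (label.length === 0) continue;
    const len = buf.write(label, offset + 1);
    buf[offset] = len;          // length prefix
    offset += len + 1;
  }
  buf[offset++] = 0;            // root label terminator
  return offset;                // bytes actually written
}

// Vulnerable pattern: uninitialized buffer returned whole, unwritten tail included.
function encodeUnsafe(name, alloc = Buffer.allocUnsafe) {
  const buf = alloc(encodingLength(name));
  writeName(name, buf);
  return buf;
}

// Hardened pattern: zero-filled allocation, truncated to what was written.
function encodeSafe(name) {
  const buf = Buffer.alloc(encodingLength(name));
  return buf.subarray(0, writeName(name, buf));
}

// Constructed stand-in for stale pool memory, so the effect is deterministic.
const stalePool = (n) => Buffer.alloc(n, 0xaa);

console.log(encodeUnsafe('a..b', stalePool)); // trailing 0xaa byte = stale memory
console.log(encodeSafe('a..b'));              // exactly the encoded name
```

With the default `Buffer.allocUnsafe`, the trailing bytes are whatever the allocator's pool last held, which is why the result varies between runs.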
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kui-web-terminal-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-ui-rhel8 | Not affected | | |
| Red Hat Fuse 7 | apicurito | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prometheus | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-thanos-rhel8 | Will not fix | | |
Additional information
Status:
CVSS3: 6.3 Medium