Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-7161

Опубликовано: 13 июн. 2018
Источник: ubuntu
Приоритет: medium
CVSS2: 7.8
CVSS3: 7.5

Описание

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

РелизСтатусПримечание
artful

ignored

end of life
bionic

released

8.10.0~dfsg-2ubuntu0.2
cosmic

not-affected

8.11.4~dfsg-0ubuntu1
devel

not-affected

10.15.2~dfsg-1
esm-apps/bionic

released

8.10.0~dfsg-2ubuntu0.2
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
precise/esm

DNE

trusty

not-affected

code not present
trusty/esm

not-affected

code not present

Показывать по

Ссылки на источники

7.8 High

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-7161

CVSS3: 7.5
redhat
около 7 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

nvd логотип

CVE-2018-7161

CVSS3: 7.5
nvd
около 7 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

msrc логотип

CVE-2018-7161

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-7161

CVSS3: 7.5
debian
около 7 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ...

github логотип

GHSA-jfr7-p3h5-mh28

CVSS3: 7.5
github
около 3 лет назад

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

7.8 High

CVSS2

7.5 High

CVSS3

Уязвимость CVE-2018-7161