Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 064
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for pars ...
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
SUSE-SU-2017:1792-1
Security update for libcares2
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for pars ... | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
 | SUSE-SU-2017:1792-1 Security update for libcares2 | 0% Низкий | больше 8 лет назад | |
 | CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | CVSS3: 6.5 | 0% Низкий | больше 8 лет назад |
| CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | CVSS3: 9.8 | 8% Низкий | больше 8 лет назад |
| CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ... | CVSS3: 9.8 | 8% Низкий | больше 8 лет назад |
| CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | CVSS3: 8.8 | 14% Средний | больше 8 лет назад |
| CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ... | CVSS3: 8.8 | 14% Средний | больше 8 лет назад |
| CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | CVSS3: 9.8 | 20% Средний | больше 8 лет назад |
Уязвимостей на страницу