Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)

Релизный цикл, информация об уязвимостях

Продукт: Node.js

Вендор: nodejs

График релизов

Недавние уязвимости Node.js

Количество 1 090

CVE-2017-1000381

почти 9 лет назад

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

CVSS3: 6.5

EPSS: Низкий

CVE-2016-9843

почти 9 лет назад

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CVSS3: 9.8

EPSS: Средний

CVE-2016-9843

почти 9 лет назад

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-9842

почти 9 лет назад

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

CVSS3: 8.8

EPSS: Средний

CVE-2016-9842

почти 9 лет назад

The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...

CVSS3: 8.8

EPSS: Средний

CVE-2016-9841

почти 9 лет назад

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS3: 9.8

EPSS: Средний

CVE-2016-9841

почти 9 лет назад

inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-9840

почти 9 лет назад

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS3: 8.8

EPSS: Средний

CVE-2016-9840

почти 9 лет назад

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...

CVSS3: 8.8

EPSS: Средний

CVE-2016-9840

почти 9 лет назад

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS3: 8.8

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.	CVSS3: 6.5	1% Низкий	почти 9 лет назад
CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.	CVSS3: 9.8	15% Средний	почти 9 лет назад
CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...	CVSS3: 9.8	15% Средний	почти 9 лет назад
CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.	CVSS3: 8.8	12% Средний	почти 9 лет назад
CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...	CVSS3: 8.8	12% Средний	почти 9 лет назад
CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.	CVSS3: 9.8	20% Средний	почти 9 лет назад
CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...	CVSS3: 9.8	20% Средний	почти 9 лет назад
CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.	CVSS3: 8.8	13% Средний	почти 9 лет назад
CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...	CVSS3: 8.8	13% Средний	почти 9 лет назад
CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.	CVSS3: 8.8	13% Средний	почти 9 лет назад

Уязвимостей на страницу