exploitDog

product: "node.js"

Count: 1,014

Vulnerability / CVSS / EPSS / Published

Source: ubuntu
CVE-2018-7167

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: redhat
CVE-2018-7167

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: nvd
CVE-2018-7167

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: debian
CVE-2018-7167

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: ubuntu
CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.

CVSS3: 7.5
EPSS: 1% (Low)
Published: almost 7 years ago

Source: redhat
CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.

CVSS3: 5.3
EPSS: 1% (Low)
Published: about 7 years ago

Source: nvd
CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.

CVSS3: 7.5
EPSS: 1% (Low)
Published: almost 7 years ago

Source: debian
CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing ...

CVSS3: 7.5
EPSS: 1% (Low)
Published: almost 7 years ago

Source: ubuntu
CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: redhat
CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: nvd
CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: debian
CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the sever ...

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: ubuntu
CVE-2018-7162

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

CVSS3: 7.5
EPSS: 2% (Low)
Published: about 7 years ago

Source: redhat
CVE-2018-7162

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

CVSS3: 7.5
EPSS: 2% (Low)
Published: about 7 years ago

Source: nvd
CVE-2018-7162

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

CVSS3: 7.5
EPSS: 2% (Low)
Published: about 7 years ago

Source: debian
CVE-2018-7162

All versions of Node.js 9.x and 10.x are vulnerable and the severity i ...

CVSS3: 7.5
EPSS: 2% (Low)
Published: about 7 years ago

Source: ubuntu
CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: redhat
CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: nvd
CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago

Source: debian
CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ...

CVSS3: 7.5
EPSS: 1% (Low)
Published: about 7 years ago