CVE-2018-7164

Published: Jun 13, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

Affected (2)

Products: Nodejs: Node.js

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Nodejs Node.js	From 10.0.0 to 10.4.1
Nodejs Node.js	From 9.7.0 to 9.11.2

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

http://www.securityfocus.com/bid/104463

Source: cve-request@iojs.org

Third Party AdvisoryVDB Entry

https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

Source: cve-request@iojs.org

Vendor Advisory

https://security.gentoo.org/glsa/202003-48

Source: cve-request@iojs.org

Third Party Advisory

http://www.securityfocus.com/bid/104463

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/202003-48

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.