Lucene search
HackeroneCVELIST:CVE-2017-16098HistoryApr 26, 2018 - 12:00 a.m.
CVE-2017-16098
2018-04-2600:00:00
CWE-400
hackerone
www.cve.org
0.001 Low
EPSS
Percentile
48.1%
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low.
CNA Affected
[
{
"product": "charset node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<1.0.0"
}
]
}
]Related
nodejs
nodejs
Regular Expression Denial of Service
2017-09-08 17:43:33
osv
osv
Regular Expression Denial of Service in charset
2018-08-09 20:55:46
CVE-2017-16098
2018-06-07 02:29:02
github
github
Regular Expression Denial of Service in charset
2018-08-09 20:55:46
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-06-07 15:34:40
cve
cve
CVE-2017-16098
2018-06-07 02:29:02
prion
prion
Default credentials
2018-06-07 02:29:00
nvd
nvd
CVE-2017-16098
2018-06-07 02:29:02