Lucene search

F5F5:K000139643

HistoryMay 16, 2024 - 12:00 a.m.

K000139643: Node-tar vulnerability CVE-2024-28863

2024-05-1600:00:00

my.f5.com

node.js

node-tar

vulnerability

memory consumption

denial-of-service

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.6%

JSON

Security Advisory Description

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. (CVE-2024-28863)

Impact

This vulnerability allows an attacker to make use of the node-tar module to consume memory on the system and potentially causing the Node.js client to stop working resulting in a denial-of-service (DoS).

CPENameOperatorVersion
big-ip next central managereq20.0.1
big-ip next central managereq20.0.2
big-ip next central managereq20.1.0
big-ip next central managereq20.1.1
big-ip next central managereq20.2.0
big-ip next cgnat cnfeq1.1.0
big-ip next cgnat cnfeq1.1.1
big-ip next cgnat cnfeq1.2.0
big-ip next cgnat cnfeq1.2.1
big-ip next cgnat cnfeq1.3.0

Name	Operator	Version
big-ip next central manager	eq	20.0.1
big-ip next central manager	eq	20.0.2
big-ip next central manager	eq	20.1.0
big-ip next central manager	eq	20.1.1
big-ip next central manager	eq	20.2.0
big-ip next cgnat cnf	eq	1.1.0
big-ip next cgnat cnf	eq	1.1.1
big-ip next cgnat cnf	eq	1.2.0
big-ip next cgnat cnf	eq	1.2.1
big-ip next cgnat cnf	eq	1.3.0

Rows per page:

1-10 of 4211