Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsFeross Aboukhadijeh / Mathias Buss MadsenNODEJS:68
HistoryJan 04, 2016 - 7:52 p.m.

Remote Memory Disclosure

2016-01-0419:52:12
Feross Aboukhadijeh / Mathias Buss Madsen
www.npmjs.com
15

EPSS

0.002

Percentile

51.4%

JSON

Overview

Versions of bittorrent-dht prior to 5.1.3 are affected by a remote memory disclosure vulnerability. This vulnerability allows an attacker to send a specific series of of messages to a listening peer and get it to reveal internal memory.

There are two mitigating factors here, that slightly reduce the impact of this vulnerability:

  1. Any modern kernel will zero out new memory pages before handing them off to a process. This means that only memory previously used and deallocated by the node process can be leaked.
  2. Node.js manages Buffers by creating a few large internal SlowBuffers, and slicing them up into smaller Buffers which are made accessible in JS. They are not stored on V8’s heap, because garbage collection would interfere. The result is that only memory that has been previously allocated as a Buffer can be leaked.

Recommendation

Update to version 5.1.3 or later.

References

Related

nvd 1
github 1
prion 1
cve 1
osv 2
cvelist 1
nvd
nvd
CVE-2016-10519
2018-05-31 20:29:00
github
github
Remote Memory Disclosure in bittorrent-dht
2020-09-01 15:22:12
prion
prion
Security feature bypass
2018-05-31 20:29:00
cve
cve
CVE-2016-10519
2018-05-31 20:29:00
osv
osv
Remote Memory Disclosure in bittorrent-dht
2020-09-01 15:22:12
CVE-2016-10519
2018-05-31 20:29:00
cvelist
cvelist
CVE-2016-10519
2018-05-31 20:00:00

EPSS

0.002

Percentile

51.4%

JSON
Related for NODEJS:68
nvd1github1prion1cve1osv2cvelist1