PRIOn knowledge basePRION:CVE-2016-1000236

HistoryNov 19, 2019 - 5:15 p.m.

Type confusion

2019-11-1917:15:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

CPENameOperatorVersion
cookie-signaturelt1.0.6
debian_linuxeq8.0
debian_linuxeq9.0

Name	Operator	Version
cookie-signature	lt	1.0.6
debian_linux	eq	8.0
debian_linux	eq	9.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618

bugzilla.redhat.com/show_bug.cgi?id=1371409

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000236

security-tracker.debian.org/tracker/CVE-2016-1000236

travis-ci.com/nodejs/security-wg/builds/76423102

www.mail-archive.com/secure-testing-team%40lists.alioth.debian.org/msg06583.html