Lucene search
RedHatRHSA-2016:1380HistoryJul 05, 2016 - 5:53 a.m.
(RHSA-2016:1380) Moderate: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
2016-07-0505:53:09
access.redhat.com
11
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.06 Low
EPSS
Percentile
92.6%
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. (CVE-2014-7191)
Bug Fix(es):
- A previous patch to the nodejs010-node-gyp RPM package introduced a bug, which caused the node-gyp module to work incorrectly. As a consequence, users were unable to install or build native Node.js modules. A new patch has been applied, the node-gyp module now works as expected, and it no longer affects other modules. (BZ#1255594)
All nodejs010-nodejs-qs and nodejs010-node-gyp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | src | nodejs010-node-gyp | < 3.2.0-3.el7 | nodejs010-node-gyp-3.2.0-3.el7.src.rpm |
| RedHat | 6 | src | nodejs010-nodejs-qs | < 0.6.5-5.el6 | nodejs010-nodejs-qs-0.6.5-5.el6.src.rpm |
| RedHat | 6 | noarch | nodejs010-nodejs-qs | < 0.6.5-5.el6 | nodejs010-nodejs-qs-0.6.5-5.el6.noarch.rpm |
| RedHat | 6 | src | nodejs010-node-gyp | < 3.2.0-3.el6 | nodejs010-node-gyp-3.2.0-3.el6.src.rpm |
| RedHat | 7 | noarch | nodejs010-nodejs-qs | < 0.6.5-5.el7 | nodejs010-nodejs-qs-0.6.5-5.el7.noarch.rpm |
| RedHat | 7 | noarch | nodejs010-node-gyp | < 3.2.0-3.el7 | nodejs010-node-gyp-3.2.0-3.el7.noarch.rpm |
| RedHat | 6 | noarch | nodejs010-node-gyp | < 3.2.0-3.el6 | nodejs010-node-gyp-3.2.0-3.el6.noarch.rpm |
| RedHat | 7 | src | nodejs010-nodejs-qs | < 0.6.5-5.el7 | nodejs010-nodejs-qs-0.6.5-5.el7.src.rpm |
Related
prion
prion
Design/Logic Flaw
2014-10-19 01:55:00
nessus
nessus
Fedora 19 : nodejs-qs-0.6.6-3.fc19 (2014-11399)
2014-10-06 00:00:00
Fedora 20 : nodejs-qs-0.6.6-3.fc20 (2014-11376)
2014-10-06 00:00:00
debiancve
debiancve
CVE-2014-7191
2014-10-19 01:55:00
osv
osv
Denial-of-Service Memory Exhaustion in qs
2017-10-24 18:33:36
nodejs
nodejs
Denial-of-Service Memory Exhaustion
2015-10-17 19:41:46
veracode
veracode
Denial Of Service (DoS) Memory Consumption
2019-01-15 09:12:08
fedora
fedora
[SECURITY] Fedora 20 Update: nodejs-qs-0.6.6-3.fc20
2014-10-06 05:04:59
[SECURITY] Fedora 19 Update: nodejs-qs-0.6.6-3.fc19
2014-10-06 05:04:26
openvas
openvas
Fedora Update for nodejs-qs FEDORA-2014-11376
2014-10-07 00:00:00
Fedora Update for nodejs-qs FEDORA-2014-11399
2014-10-07 00:00:00
ubuntucve
ubuntucve
CVE-2014-7191
2014-10-19 00:00:00
cve
cve
CVE-2014-7191
2014-10-19 01:55:00
github
github
Denial-of-Service Memory Exhaustion in qs
2017-10-24 18:33:36
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.06 Low
EPSS
Percentile
92.6%
Related for RHSA-2016:1380