nodejs-minimatch: Regular expression denial-of-service

🗓️ 09 Aug 2016 10:02:23Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

Regex denial of service flaw in Minimatch; crafted glob patterns can cause CPU usage.

Reporter	Title	Published	Views	Family All 18
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data	30 Nov 202223:02	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.	25 Oct 202213:11	–	ibm
CNVD	Red Hat OpenShift Enterprise Denial of Service Vulnerability (CNVD-2016-07357)	8 Sep 201600:00	–	cnvd
CVE	CVE-2016-1000023	17 Jun 201820:00	–	cve
Cvelist	CVE-2016-1000023	17 Jun 201820:00	–	cvelist
NVD	CVE-2016-1000023	17 Jun 201820:29	–	nvd
OSV	RHSA-2016:1582 Red Hat Security Advisory: nodejs010-nodejs-minimatch security update	13 Sep 202412:27	–	osv
OSV	RHSA-2016:1583 Red Hat Security Advisory: rh-nodejs4-nodejs-minimatch security update	13 Sep 202412:27	–	osv
OSV	RHSA-2016:1605 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update	15 Sep 202423:33	–	osv
Prion	Design/Logic Flaw	17 Jun 201820:29	–	prion

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	any	rh-nodejs4-nodejs-minimatch	0:3.0.2-1.el6	rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el6.noarch.rpm
Red Hat Enterprise Linux	7	any	rh-nodejs4-nodejs-minimatch	0:3.0.2-1.el7	rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el7.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-1000023
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nodesecurity	www.nodesecurity.io/advisories/118
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-1000023
cve	www.cve.org/CVERecord

21 Nov 2025 17:57Current

5.8Medium risk

Vulners AI Score5.8

minimatch denial of service glob patterns cpu usage nodejs