CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

CVE-2018-7167

CVE-2018-7167 targets Node.js Buffer APIs. Affected: Node.js 6.x, 8.x, and 9.x (LTS boron/carbon and 9.x) with Buffer.fill() or Buffer.alloc() can hang, potentially enabling a DoS. The vulnerability stems from parameters that trigger a hang instead of proceeding to zero-fill. The issue was addres...

CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

PT-2018-17926 · Node.Js +3 · Node.Js +3

Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x through 9.x Description: The issue arises when calling Buffer.fill or Buffer.alloc with certain parameters, leading to a hang and potentially resulting in a Denial of Service. The implementations of Buffer.alloc and...

node.js -- multiple vulnerabilities

Node.js reports: Denial of Service Vulnerability in HTTP/2 CVE-2018-7161 All versions of 8.x and later are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with t...