3 matches found
Ubuntu 16.04 ESM : semver vulnerability (USN-4776-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4776-1 advisory. It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Tenable has...
CVE-2015-8855
The CVE-2015-8855 entry concerns the semver package for Node.js, where versions before 4.3.2 are vulnerable to a regular expression denial of service (ReDoS) via an excessively long version string. Root cause: an error in the regular expression implementation within semver. Impact: potential CPU ...
CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...