Lucene search
K

4 matches found

NVD
NVD
added 2018/06/07 2:29 a.m.15 views

CVE-2017-16098

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...

7.5CVSS7.5AI score0.01656EPSS
Exploits1References2
OSV
OSV
added 2018/06/07 2:29 a.m.12 views

CVE-2017-16098

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...

7.5CVSS7.7AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.20 views

CVE-2017-16098

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...

7.5AI score0.01656EPSS
Exploits1References2
CVE
CVE
added 2018/06/07 2:0 a.m.54 views

CVE-2017-16098

The CVE-2017-16098 issue concerns the charset package vulnerability (Regular Expression Denial of Service). The connected GHSA advisory confirms that affected versions are susceptible to ReDoS, with an observed ~2-second slowdown on 50,000-character inputs, and notes that if Node is built with -D...

7.5CVSS7.4AI score0.01656EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder