13 matches found
EUVD-2018-0585
Malware in sbrugna...
Denial of Service
Overview Versions of memjs prior to 1.2.2 are vulnerable to Denial of Service DoS. The package fails to sanitize the value option passed to the Buffer constructor, which may allow attackers to pass large values exhausting system resources. Recommendation Upgrade to version 1.2.2 or later...
@forgerock/openam-agent-cache-memcached (=2.0.0), @mapbox/tilelive-memcached (=1.0.1) +74 more potentially affected by CVE-2018-3767 via memjs (>=0.10.2 <=0.9.1)
memjs NPM version =0.10.2, =1.0.0, =0.0.0, =0.12.1, =0.0.1, =0.8.0, =0.1.0, =1.1.0, =1.1.1 and more Source cves: CVE-2018-3767 Source advisory: OSV:GHSA-CX8M-8XMX-Q8V3...
GHSA-CX8M-8XMX-Q8V3 Denial of Service in memjs
Versions of memjs prior to 1.2.2 are vulnerable to Denial of Service DoS. The package fails to sanitize the value option passed to the Buffer constructor, which may allow attackers to pass large values exhausting system resources. Recommendation Upgrade to version 1.2.2 or later...
Denial of Service in memjs
Versions of memjs prior to 1.2.2 are vulnerable to Denial of Service DoS. The package fails to sanitize the value option passed to the Buffer constructor, which may allow attackers to pass large values exhausting system resources. Recommendation Upgrade to version 1.2.2 or later...
memjs denial of service vulnerability
memjs is a Node.js client library for using Memcache. A security vulnerability exists in memjs 1.1.0 and earlier versions, which stems from the program failing to properly perform filtering. An attacker can exploit this vulnerability to cause a denial of service and disclose uninitialized memory...
Input validation
memjs versions = 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage...
CVE-2018-3767
memjs versions = 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage...
CVE-2018-3767
memjs versions = 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage...
CVE-2018-3767
memjs versions = 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage...
CVE-2018-3767
CVE-2018-3767 affects memjs versions
Denial Of Service (DoS)
memjs is vulnerable to denial of service DoS attacks. The vulnerability exists due to the lack of sanitization of the value option which is passed to the Buffer constructor, allowing a DoS attack, as well as information disclosure through the exposure of uninitialized memory...
Node.js third-party modules: `memjs` allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage
I would like to report a Buffer allocation vulnerability in memjs. In cases when the attacker is able to pass typed input e.g. via JSON to the storage, it allows to cause DoS on all Node.js versions and to store and potentially later extract chunks of uninitialized server memory containing...