19 matches found
MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...
EUVD-2018-0353
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-3737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. CVE-2018-3737 Note that Nessus relies on the presence of the package as reported by the...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2020:2625)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2625 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
Regular Expression Denial of Service in sshpk
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation Update to version 1.13.2, 1.14.1 or later...
@fannarsh/trident (>=0.1.0 <=0.2.0), @hola.org/http-signature (=1.1.1-hola.1) +13 more potentially affected by CVE-2018-3737 via sshpk (>=1.0.4 <=1.13.1)
sshpk NPM version =1.0.4, =0.1.0, =2.67.0-hola.5, =2.67.0-lum.3, =1.1.0, =5.6.1, =1.4.2, =5.0.0, =0.0.0, =0.9.4, =0.9.12 Source cves: CVE-2018-3737 Source advisory: OSV:GHSA-2M39-62FM-Q8R3...
GHSA-2M39-62FM-Q8R3 Regular Expression Denial of Service in sshpk
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation Update to version 1.13.2, 1.14.1 or later...
DEBIAN-CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
Code injection
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
CVE-2018-3737 is a ReDoS vulnerability in the sshpk module when parsing crafted invalid public keys. Connected docs identify this issue as nodejs-sshpk (SSH public-key parsing) referenced in MiracleLinux AXSA-2020-200:01, noting the vulnerability in lib/formats/ssh.js. The Initial Description alr...
Regular Expression Denial of Service
Overview Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation Update to version 1.13.2, 1.14.1 or later. References - https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17 -...
Regular Expression Denial Of Service (ReDoS)
sshpk is vulnerable to Regular Expression Denial of Service (ReDoS). Due to a weak regular expression used for public keys, attackers are able to pass a malicious public key string, leading to a huge performance slowdown...
PT-2018-3975 · Npm · Sshpk
Name of the Vulnerable Software and Affected Versions: sshpk versions prior to 1.13.2 sshpk versions prior to 1.14.1 Description: The issue is related to the parsing of crafted invalid public keys, which can lead to a regular expression denial of service. This can cause a denial of service,...