Node.js@4.1.2 Security Vulnerabilities and Issues — Node.js@4.1.2 CVE List

Lucene search

NodejsNode.js4.1.2

11 matches found

CVE•added 2017/05/23 4:29 a.m.•946 views

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8CVSS9.9AI score0.05001EPSS

CVE•added 2017/05/23 4:29 a.m.•566 views

CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8CVSS9.9AI score0.11868EPSS

CVE•added 2017/05/23 4:29 a.m.•471 views

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8CVSS9.6AI score0.0726EPSS

CVE•added 2017/05/23 4:29 a.m.•448 views

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

8.8CVSS9.5AI score0.06254EPSS

CVE•added 2017/12/07 4:29 p.m.•357 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks ...

5.9CVSS6.4AI score0.23867EPSS

CVE•added 2017/05/04 7:29 p.m.•233 views

CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users ...

7.5CVSS7.7AI score0.0762EPSS

CVE•added 2017/05/04 8:29 p.m.•191 views

CVE-2016-7055

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is beca...

5.9CVSS6.8AI score0.1088EPSS

CVE•added 2017/05/04 7:29 p.m.•157 views

CVE-2017-3732

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed l...

5.9CVSS6.9AI score0.23408EPSS

CVE•added 2017/07/07 5:29 p.m.•150 views

CVE-2017-1000381

The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

7.5CVSS7.4AI score0.00656EPSS

CVE•added 2017/12/11 9:29 p.m.•97 views

CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

9.1CVSS6.5AI score0.33098EPSS

CVE•added 2017/07/25 1:29 p.m.•58 views

CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots e...

7.5CVSS7.3AI score0.00323EPSS