6 matches found
CVE-2018-7159
CVE-2018-7159 affects the Node.js http-parser component: the HTTP parser ignores spaces in Content-Length, allowing Content-Length: 1 2 to be treated as 12. The risk is described as very low in the CVE entry, with exploitation considered difficult. Connected sources confirm this affects http-pars...
CVE-2018-7160
CVE-2018-7160 affects Node.js inspector (6.x and later) and describes a DNS rebinding vulnerability that enables remote code execution if a Node.js process has an open debug port on localhost or a local-network host. An attacker-originating website can trigger a DNS rebinding to bypass same-origi...
CVE-2018-1000168
CVE-2018-1000168 affects nghttp2 versions 1.10.0 through 1.31.0, where an improper input validation in ALTSVC frame handling can cause a segmentation fault and denial of service. The vulnerability is exploitable via network clients. Public advisories confirm the issue is fixed in nghttp2 >= 1....
CVE-2018-7167
CVE-2018-7167 targets Node.js Buffer APIs. Affected: Node.js 6.x, 8.x, and 9.x (LTS boron/carbon and 9.x) with Buffer.fill() or Buffer.alloc() can hang, potentially enabling a DoS. The vulnerability stems from parameters that trigger a hang instead of proceeding to zero-fill. The issue was addres...
CVE-2018-7161
CVE-2018-7161 affects Node.js 8.x–10.x. A DoS can be triggered by interacting with an http2 server in a way that exposes a cleanup bug where objects are used in native code after release. The issue is addressed by updating the http2 implementation. Connected advisories indicate the vulnerability ...
CVE-2018-7162
CVE-2018-7162 affects Node.js 9.x and 10.x where a TLS handshake with duplicate/unexpected messages can crash a node http server, causing DoS. Root cause is a TLS handling issue in vulnerable Node.js versions. The vulnerability is addressed by updating the TLS implementation. Affected software is...