Lucene search

K
cve[email protected]CVE-2018-7167
HistoryJun 13, 2018 - 4:29 p.m.

CVE-2018-7167

2018-06-1316:29:01
CWE-119
web.nvd.nist.gov
68
4
cve-2018-7167
buffer.fill()
buffer.alloc()
node.js
vulnerability
security
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS “Boron”), 8.x (LTS “Carbon”), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

Affected configurations

NVD
Node
nodejsnode.jsRange6.9.06.14.3lts
OR
nodejsnode.jsRange8.9.08.11.3lts
OR
nodejsnode.jsRange9.0.09.11.2-

CNA Affected

[
  {
    "product": "Node.js",
    "vendor": "The Node.js Project",
    "versions": [
      {
        "status": "affected",
        "version": "6.x+"
      },
      {
        "status": "affected",
        "version": "8.x+"
      },
      {
        "status": "affected",
        "version": "9.x+"
      },
      {
        "status": "affected",
        "version": "10.x+"
      }
    ]
  }
]

Social References

More

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%