Lucene search
HackeroneCVELIST:CVE-2017-16098HistoryJun 07, 2018 - 2:00 a.m.
CVE-2017-16098
2018-06-0702:00:00
CWE-400
hackerone
www.cve.org
2
EPSS
0.001
Percentile
48.3%
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low.
CNA Affected
[
{
"product": "charset node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<1.0.0"
}
]
}
]Related
nodejs
nodejs
Regular Expression Denial of Service
2017-09-08 17:43:33
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-06-07 15:34:40
prion
prion
Default credentials
2018-06-07 02:29:00
osv
osv
CVE-2017-16098
2018-06-07 02:29:02
Regular Expression Denial of Service in charset
2018-08-09 20:55:46
nvd
nvd
CVE-2017-16098
2018-06-07 02:29:02
cve
cve
CVE-2017-16098
2018-06-07 02:29:02
github
github
Regular Expression Denial of Service in charset
2018-08-09 20:55:46