Denial-of-Service Memory Exhaustion in qs

Advisory: GHSA-JJV7-QPX3-H62Q
Source: GitHub Advisory Database (github.com)
Date: 2017-10-24 18:33:36
CWE: CWE-400

CVSS2: 5 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.053 Low
Percentile: 93.1%

Versions prior to 1.0 of qs are affected by a denial of service condition. This condition is triggered by parsing a crafted string that deserializes into very large sparse arrays, resulting in the process running out of memory and eventually crashing.

Recommendation

Update to version 1.0.0 or later.

Affected configurations

Node: qs_project qs, Range <1.0.0

CPE Name    Operator    Version
qs          lt          1.0.0
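
To check a project against the affected range above, the following added example (not part of the advisory or of qs itself) scans a parsed npm lockfile for installed copies of qs older than 1.0.0, including copies nested under other packages. The sample lockfiles and the package names old-server and legacy-lib are constructed for illustration.

```javascript
// Added example: find installs of qs older than 1.0.0 in a parsed npm lockfile.
const FIXED = [1, 0, 0]; // first fixed version, per the advisory

function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true; // unparseable (git URL, link): flag for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return m[4] === "-"; // a pre-release such as "1.0.0-rc.1" sorts before 1.0.0
}

function findAffectedQs(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/qs$/.test(path) && isAffected(pkg.version)) {
      hits.push({ path, version: pkg.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  (function walk(deps, trail) {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "qs" && isAffected(dep.version)) hits.push({ path, version: dep.version });
      walk(dep.dependencies, path + "/");
    }
  })(lock.packages ? null : lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "old-server": { version: "3.4.8", dependencies: { qs: { version: "0.6.6" } } },
    qs: { version: "6.5.2" },
  },
};
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/qs": { version: "1.0.0" },
    "node_modules/legacy-lib/node_modules/qs": { version: "0.9.9" },
  },
};

console.log(findAffectedQs(SAMPLE_V1), findAffectedQs(SAMPLE_V3));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffectedQs; each hit names the install path that still pins an affected version.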
