CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 91.5%
This update provides nodejs v6.17.1 fixing at least the following security issues:

- The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer (CVE-2017-1000381)
- Fix for ‘path’ module regular expression denial of service (CVE-2018-7158)
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159)
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)
- buffer: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang (CVE-2018-7167)
- buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
- Node.js: HTTP request splitting (CVE-2018-12116)
- Node.js: Debugger port 5858 listens on any interface by default (CVE-2018-12120)
- Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
- Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122)
- Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
- Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
- Node.js: Denial of Service with keep-alive HTTP connections (CVE-2019-5739)

For other fixes in this update, see the referenced release logs.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | nodejs | < 6.17.1-8 | nodejs-6.17.1-8.mga6 |
Mageia | 6 | noarch | http-parser | < 2.9.2-1 | http-parser-2.9.2-1.mga6 |
Mageia | 6 | noarch | libuv | < 1.16.1-1 | libuv-1.16.1-1.mga6 |
bugs.mageia.org/show_bug.cgi?id=21330
nodejs.org/en/blog/release/v6.11.0/
nodejs.org/en/blog/release/v6.11.1/
nodejs.org/en/blog/release/v6.11.2/
nodejs.org/en/blog/release/v6.11.3/
nodejs.org/en/blog/release/v6.11.4/
nodejs.org/en/blog/release/v6.12.0/
nodejs.org/en/blog/release/v6.12.1/
nodejs.org/en/blog/release/v6.12.2/
nodejs.org/en/blog/release/v6.12.3/
nodejs.org/en/blog/release/v6.13.0/
nodejs.org/en/blog/release/v6.13.1/
nodejs.org/en/blog/release/v6.14.0/
nodejs.org/en/blog/release/v6.14.1/
nodejs.org/en/blog/release/v6.14.2/
nodejs.org/en/blog/release/v6.14.3/
nodejs.org/en/blog/release/v6.15.0/
nodejs.org/en/blog/release/v6.15.1/
nodejs.org/en/blog/release/v6.16.0/
nodejs.org/en/blog/release/v6.17.0/
nodejs.org/en/blog/release/v6.17.1/