CVE-2017-11499

Severity: 7.5 HIGH
EPSS: 0.4% (top 40.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 25; latest update May 17

Description

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks because the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default, which caused the initially randomized seed to be overwritten on startup.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: nodejs < 4.8.4~dfsg-1+3
NVD: nodejs/node.js (100 versions)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-hc9r-2x24-2x3w: Node (2022-05-17)
CVEList: CVE-2017-11499: Node (2017-07-25)
OSV: CVE-2017-11499: Node (2017-07-25)

📋 Vendor Advisories (2)

Red Hat: nodejs: Constant Hashtable Seeds vulnerability (2017-07-11)
Debian: CVE-2017-11499: nodejs - Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 th... (2017)

💬 Community (3)

Bugzilla: CVE-2017-11499 nodejs: Constant Hashtable Seeds vulnerability [fedora-all] (2017-07-26)
Bugzilla: CVE-2017-11499 nodejs: Constant Hashtable Seeds vulnerability (2017-07-26)
Bugzilla: CVE-2017-11499 nodejs: Constant Hashtable Seeds vulnerability [epel-all] (2017-07-26)