CVE-2017-14919

Severity
7.5 HIGH
EPSS
0.8%
top 26.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 30
Latest update: May 17

Description

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Alpine: nodejs < 6.11.5-r0 (+16)
NVD: nodejs/node.js, 23 versions (+22)

Vulnerability Details (3)

GHSA
GHSA-mvc4-gp8c-r52f: Node (2022-05-17)
OSV
CVE-2017-14919: Node (2017-10-30)
CVEList
CVE-2017-14919: Node (2017-10-30)

Vendor Advisories (2)

Red Hat
nodejs: DoS via specific windowBits value (2017-10-24)
Debian
CVE-2017-14919: nodejs - Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote atta... (2017)

Community (3)

Bugzilla
CVE-2017-14919 nodejs: DoS via specific windowBits value (2017-11-22)
Bugzilla
CVE-2017-14919 nodejs: DoS via specific windowBits value [epel-all] (2017-11-22)
Bugzilla
CVE-2017-14929 poppler: Memory corruption via Gfx.cc infinite loop (2017-10-06)
CVE-2017-14919 (HIGH CVSS 7.5) | Node.js before 4.8.5 | cvebase.io