CVE-2017-16114 — Uncontrolled Resource Consumption in Project Marked

CWE-400 — Uncontrolled Resource Consumption7 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Marked Project Marked Debian Node-marked Hackerone Marked Node Module

Timeline

PublishedJun 7

Latest updateJul 24

Description

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5hackerone/marked_node_moduleAll versions

▶debiandebian/node-marked< node-marked 0.3.9+dfsg-1 (bookworm)

▶NVDmarked_project/marked< 0.3.9

▶npmmarked_project/marked< 0.3.9

🔴Vulnerability Details

OSV

Regular Expression Denial of Service in marked↗2018-07-24

▶

GHSA

Regular Expression Denial of Service in marked↗2018-07-24

▶

OSV

CVE-2017-16114: The marked module is vulnerable to a regular expression denial of service↗2018-06-07

▶

📋Vendor Advisories

Debian

CVE-2017-16114: node-marked - The marked module is vulnerable to a regular expression denial of service. Based...↗2017

▶

💬Community

Bugzilla

CVE-2017-16114 nodejs-marked: Regular expression denial of service↗2018-06-07

▶

Bugzilla

CVE-2017-16114 nodejs-marked: Regular expression denial of service [fedora-28]↗2018-06-07

▶