CVE-2018-7161
Severity: 7.5 HIGH
EPSS: 1.1% (top 22.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 13
Latest update: May 13
Description
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details (4)
Vendor Advisories (3)
Red Hat: nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash (2018-06-12)
Microsoft: All versions of Node.js 8.x 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can ... (2018-06-12)
Debian: CVE-2018-7161: nodejs - All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HI... (2018)
Community (3)
Bugzilla: CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash (2018-06-13)
Bugzilla: CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash [fedora-all] (2018-06-13)
Bugzilla: CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash [epel-all] (2018-06-13)