CVE-2018-7162

CWE-20 — Improper Input Validation CWE-416 — Use After Free10 documents8 sources

Severity

7.5HIGH

EPSS

1.0%

top 22.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nodejs Node.js THE Node.js Project Node.js

Timeline

PublishedJun 13

Latest updateMay 13

Description

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDnodejs/node.js9.0.0 — 9.11.2+1

▶Debiannodejs< 10.15.0~dfsg-6+3

▶CVEListV5the_node.js_project/node.js10.x+, 9.x++1

🔴Vulnerability Details

GHSA

GHSA-h4wv-8vxr-jgjq: All versions of Node↗2022-05-13

▶

OSV

CVE-2018-7162: All versions of Node↗2018-06-13

▶

CVEList

CVE-2018-7162: All versions of Node↗2018-06-13

▶

📋Vendor Advisories

Red Hat

nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash↗2018-06-12

▶

Microsoft

▶

Debian

CVE-2018-7162: nodejs - All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An...↗2018

▶

💬Community

Bugzilla

CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash [epel-all]↗2018-06-13

▶

Bugzilla

CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash [fedora-all]↗2018-06-13

▶

Bugzilla

CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash↗2018-06-13

▶