CVE-2019-10196: Improper Initialization in Project Http-proxy-agent

Severity
NVD: 9.8 CRITICAL
OSV: 5.5
EPSS
0.4% (top 41.50%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 19
Latest update: Mar 24

Description

A flaw was found in http-proxy-agent prior to version 2.1.0: the library passes the auth option to the Buffer constructor without proper sanitization. In setups where an attacker can submit typed input to the auth parameter, this can result in a denial of service through consumption of all available CPU resources and in data exposure through an uninitialized memory leak.
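As an added example (not the page's or the http-proxy-agent project's own code), the Buffer-constructor confusion the description refers to is shown beside a hardened encoder; the function names, the length limit and the sample values are assumptions made for this illustration.

```javascript
// Added example (not http-proxy-agent's own code): how a non-string `auth`
// value reaching the legacy Buffer constructor changes its meaning, and a
// hardened encoder that rejects such input. Names and limits are constructed.

// Legacy pattern: `new Buffer(x)` means "encode string x" when x is a string,
// but "allocate x bytes" when x is a number. A numeric auth value therefore
// allocates a buffer of that size instead of encoding the characters "16".
// (Older Node versions handed back uninitialized memory here; current ones
// zero-fill, but the size confusion and oversized allocations remain.)
function legacyEncodeAuth(auth) {
  return new Buffer(auth).toString('base64');
}

// Hardened pattern: accept only strings, bound the length, and use
// Buffer.from(), which has no "allocate N bytes" form.
const MAX_AUTH_LENGTH = 1024; // assumed limit for this example

function safeEncodeAuth(auth) {
  if (typeof auth !== 'string') {
    throw new TypeError('proxy auth must be a string, got ' + typeof auth);
  }
  if (auth.length > MAX_AUTH_LENGTH) {
    throw new RangeError('proxy auth exceeds ' + MAX_AUTH_LENGTH + ' characters');
  }
  return Buffer.from(auth, 'utf8').toString('base64');
}

// Byte length of a base64-encoded auth value, used to expose the confusion.
function decodedLength(b64) {
  return Buffer.from(b64, 'base64').length;
}

// Constructed samples: a credential string and a numeric value a caller
// might pass by mistake (e.g. from a parsed config) instead of a string.
console.log(safeEncodeAuth('user:pass'));            // dXNlcjpwYXNz
console.log(decodedLength(safeEncodeAuth('16')));    // 2: the two characters "16"
console.log(decodedLength(legacyEncodeAuth(16)));    // 16: sixteen bytes allocated
try {
  safeEncodeAuth(16);
} catch (e) {
  console.log(e.message);                            // proxy auth must be a string, got number
}
```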

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Also affects: Fedora 27, Enterprise Linux 7.0

Patches

🔴 Vulnerability Details (4)

OSV: graphviz vulnerabilities (2023-03-24)
OSV: graphviz vulnerabilities (2022-02-03)
GHSA: Resource Exhaustion Denial of Service in http-proxy-agent (2022-01-06)
OSV: Resource Exhaustion Denial of Service in http-proxy-agent (2022-01-06)

📋 Vendor Advisories (1)

Red Hat: nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization (2018-04-05)

💬 Community (3)

Bugzilla: CVE-2019-10196 nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization (2018-04-13)
Bugzilla: CVE-2019-10196 nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization [epel-7] (2018-04-13)
Bugzilla: CVE-2019-10196 nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization [fedora-all] (2018-04-13)
CVE-2019-10196 — Improper Initialization | cvebase