CVE-2018-7161
Description
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
CWE
- (none)
Affected
- The Node.js Project / Node.js — v=8.x+ [affected]; v=9.x+ [affected]; v=10.x+ [affected]
CVSS
- (none)
References
- http://www.securityfocus.com/bid/106363 vdb-entry, x_refsource_BID
- https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ x_refsource_CONFIRM
- https://security.gentoo.org/glsa/202003-48 vendor-advisory, x_refsource_GENTOO
Source
cvelistV5-main/cves/2018/7xxx/CVE-2018-7161.json