CVE-2018-7164

State: PUBLISHED · Published: 2018-06-13 · Updated: 2024-09-17 · Assigner: nodejs

Description

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

CWE

(none)

Affected

The Node.js Project / Node.js — v=9.7.X+ [affected]; v=10.x+ [affected]

CVSS

(none)

References

http://www.securityfocus.com/bid/104463 vdb-entry, x_refsource_BID
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ x_refsource_CONFIRM
https://security.gentoo.org/glsa/202003-48 vendor-advisory, x_refsource_GENTOO

Source

cvelistV5-main/cves/2018/7xxx/CVE-2018-7164.json