#VU16169 Resource exhaustion in Node.js - CVE-2018-12122

 

Published: November 29, 2018


Vulnerability identifier: #VU16169
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12122
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Node.js
Software vendor:
Node.js Foundation

Description

The disclosed vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists because no time limit was enforced on receiving complete request headers; the fix destroys the socket on the next received chunk when headers are not completely received within the allowed period. A remote attacker can send headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time, consume excessive resources and cause the service to crash.


Remediation

The vulnerability has been fixed in versions 6.15.0, 8.14.0, 10.14.0 and 11.3.0.
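
The following added example (not part of the original advisory or of Node.js itself) checks a runtime version against the fixed releases listed above and sets the header-receive deadline through `server.headersTimeout`, the property the fixed releases expose. The function names, the status strings and the 20-second value are assumptions chosen for illustration.

```javascript
// Added example: function names and the 20 s deadline are illustrative assumptions.
const http = require("http");

// First fixed release per release line, as listed under Remediation.
const FIXED = { 6: [6, 15, 0], 8: [8, 14, 0], 10: [10, 14, 0], 11: [11, 3, 0] };

// Classify a Node.js version string against the advisory's fixed releases.
function fixStatus(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return "unparseable";
  const v = m.slice(1).map(Number);
  // Release lines newer than 11.x ship with the header deadline
  // (assumption beyond the advisory's own list).
  if (v[0] > 11) return "fixed";
  const min = FIXED[v[0]];
  if (!min) return "no-fix-listed"; // the advisory names no patched release for this line
  for (let i = 0; i < 3; i++) {
    if (v[i] !== min[i]) return v[i] > min[i] ? "fixed" : "vulnerable";
  }
  return "fixed"; // exactly the first fixed release
}

// Create an HTTP server that bounds how long a client may take to send headers.
function createHardenedServer(handler, headerDeadlineMs = 20000) {
  if (!Number.isInteger(headerDeadlineMs) || headerDeadlineMs <= 0) {
    throw new RangeError("headerDeadlineMs must be a positive integer");
  }
  const status = fixStatus(process.version);
  if (status !== "fixed") {
    // On an unpatched runtime the property would be set but never enforced.
    throw new Error(`Node.js ${process.version} is ${status}; upgrade before deploying`);
  }
  const server = http.createServer(handler);
  server.headersTimeout = headerDeadlineMs; // milliseconds allowed for the full header block
  return server;
}

// Report the status of the runtime this script is executed with.
console.log(process.version, fixStatus(process.version));
```

Call `createHardenedServer(handler).listen(port)` to serve traffic. A reverse proxy in front of Node.js should enforce its own header-read timeout as well, since it holds the client connection first.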
