Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Node.js en versiones anteriores a la 4.8.5, las versiones 6.x anteriores a la 6.11.5 y las versiones 8.x anteriores a la 8.8.0 permiten que atacantes remotos provoquen una denegación de servicio (excepción no detectada y cierre inesperado) aprovechando un cambio en el módulo zlib, versión 1.2.9, que hace que 8 sea un valor no válido para el parámetro windowsBits.
AV:N/AC:L/Au:N/C:N/I:N/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-20
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| nodejs | node.js | 4.8.2 | <built-in method update of dict object at 0x702bdd6ad540> | Application |
| nodejs | node.js | 4.8.3 | <built-in method update of dict object at 0x702bdd6ad240> | Application |
| nodejs | node.js | 4.8.4 | <built-in method update of dict object at 0x702bdd6f5c80> | Application |
| nodejs | node.js | 6.10.2 | <built-in method update of dict object at 0x702bdd6ac600> | Application |
| nodejs | node.js | 6.10.3 | <built-in method update of dict object at 0x702bdd6af780> | Application |
| nodejs | node.js | 6.11.0 | <built-in method update of dict object at 0x702bdd6aef00> | Application |
| nodejs | node.js | 6.11.1 | <built-in method update of dict object at 0x702b80610fc0> | Application |
| nodejs | node.js | 6.11.2 | <built-in method update of dict object at 0x702bdd6ac900> | Application |
| nodejs | node.js | 6.11.3 | <built-in method update of dict object at 0x702bdd6ac880> | Application |
| nodejs | node.js | 6.11.4 | <built-in method update of dict object at 0x702bdd6ae640> | Application |
| nodejs | node.js | 8.0.0 | <built-in method update of dict object at 0x702b80610dc0> | Application |
| nodejs | node.js | 8.1.0 | <built-in method update of dict object at 0x702bdd6ada40> | Application |
| nodejs | node.js | 8.1.1 | <built-in method update of dict object at 0x702bdd12ab00> | Application |
| nodejs | node.js | 8.1.2 | <built-in method update of dict object at 0x702ba7d64840> | Application |
| nodejs | node.js | 8.1.3 | <built-in method update of dict object at 0x702b80611580> | Application |
| nodejs | node.js | 8.1.4 | <built-in method update of dict object at 0x702bfc4209c0> | Application |
| nodejs | node.js | 8.2.0 | <built-in method update of dict object at 0x702bdd6ae240> | Application |
| nodejs | node.js | 8.2.1 | <built-in method update of dict object at 0x702ba7d67580> | Application |
| nodejs | node.js | 8.3.0 | <built-in method update of dict object at 0x702b80612d80> | Application |
| nodejs | node.js | 8.4.0 | <built-in method update of dict object at 0x702bdd307240> | Application |
| nodejs | node.js | 8.5.0 | <built-in method update of dict object at 0x702bdd6f5900> | Application |
| nodejs | node.js | 8.6.0 | <built-in method update of dict object at 0x702bdd6ad100> | Application |
| nodejs | node.js | 8.7.0 | <built-in method update of dict object at 0x702bdc60ca00> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:4.8.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.11.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.11.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:6.11.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.1.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.2.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.2.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:8.7.0:*:*:*:*:*:*:* |