1 results (0.002 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2
CVE-2018-3737 – nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js
https://notcve.org/view.php?id=CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. sshpk es vulnerable a una denegación de servicio con expresiones regulares (ReDoS) cuando se parsean claves públicas manipuladas no válidas. • https://github.com/ossf-cve-benchmark/CVE-2018-3737 https://hackerone.com/reports/319593 https://access.redhat.com/security/cve/CVE-2018-3737 https://bugzilla.redhat.com/show_bug.cgi?id=1567228 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •