CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7159 – nodejs: HTTP parser allowed for spaces inside Content-Length header values
https://notcve.org/view.php?id=CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. • https://access.redhat.com/errata/RHSA-2019:2258 https://nodejs.org/en/blog/vulnerability/march-2018-security-releases https://support.f5.com/csp/article/K27228191?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2018-7159 https://bugzilla.redhat.com/show_bug.cgi?id=1561981 • CWE-20: Improper Input Validation CWE-115: Misinterpretation of Input •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15896
https://notcve.org/view.php?id=CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. Node.js se ha visto afectado por una vulnerabilidad de OpenSSL (CVE-2017-3737) en relación con el uso de SSL_read() debido a un error en la negociación TLS. El resultado era que un atacante de una red activa podría enviar datos de la aplicación a Node.js empleando los módulos TLS o HTTP2 de forma que omitan la autenticación y codificación TLS. • https://nodejs.org/en/blog/vulnerability/december-2017-security-releases •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2017-3738 – openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/102118 http://www.securitytracker.com/id/1039978 https://access.redhat.com/errata/RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.co • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 100EXPL: 0CVE-2017-11499 – nodejs: Constant Hashtable Seeds vulnerability
https://notcve.org/view.php?id=CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Node.js versión v4.0 hasta v4.8.3, todas las versiones de v5.x, versión v6.0 hasta v6.11.0, versión v7.0 hasta v7.10.0, y versión v8.0 hasta v8.1.3, fue susceptible a ataques DoS remotos de inundación de hash ya que el seed HashTable fue constante en una versión dada de Node.js. Esto fue el resultado de la compilación con instantáneas V8 habilitadas por defecto, lo que causó que el seed aleatorizado inicialmente se sobrescribiera en el arranque. It was found that Node.js was using a non-randomized seed when populating hash tables. • http://www.securityfocus.com/bid/99959 https://access.redhat.com/errata/RHSA-2017:2908 https://access.redhat.com/errata/RHSA-2017:3002 https://nodejs.org/en/blog/vulnerability/july-2017-security-releases https://access.redhat.com/security/cve/CVE-2017-11499 https://bugzilla.redhat.com/show_bug.cgi?id=1475327 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1000381 – c-ares: NAPTR parser out of bounds access
https://notcve.org/view.php?id=CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. • http://www.securityfocus.com/bid/99148 https://c-ares.haxx.se/0616.patch https://c-ares.haxx.se/adv_20170620.html https://access.redhat.com/security/cve/CVE-2017-1000381 https://bugzilla.redhat.com/show_bug.cgi?id=1463132 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •