CVE-2018-3737 – nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js

https://notcve.org/view.php?id=CVE-2018-3737

07 Jun 2018 — sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. sshpk es vulnerable a una denegación de servicio con expresiones regulares (ReDoS) cuando se parsean claves públicas manipuladas no válidas. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability. • https://github.com/ossf-cve-benchmark/CVE-2018-3737 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •