CVE-2018-7162
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.
Todas las versiones 9.x y 10.x de Node.js son vulnerables y la gravedad es ALTA. Un atacante podría provocar una denegación de servicio (DoS) haciendo que un proceso node que proporcione un servidor http de soporte de un servidor TLS se cierre inesperadamente. Esto puede lograrse mediante el envío de mensajes duplicados/inesperados durante el handshake. Esto ha sido abordado actualizando la implementación TLS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-15 CVE Reserved
- 2018-06-13 CVE Published
- 2024-01-31 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104468 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases | 2022-08-16 | |
https://security.gentoo.org/glsa/202003-48 | 2022-08-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 9.0.0 < 9.11.2 Search vendor "Nodejs" for product "Node.js" and version " >= 9.0.0 < 9.11.2" | - |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 10.0.0 < 10.4.1 Search vendor "Nodejs" for product "Node.js" and version " >= 10.0.0 < 10.4.1" | - |
Affected
|