CVE-2018-7167

nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters

  • Severity Score: 7.5 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

It was found that the Buffer.fill() and Buffer.alloc() functions may hang. An attacker able to control the input of these functions could use this flaw to cause a denial of service.

*Credits: N/A
CVSS Scores (Common Vulnerability Scoring System)

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
SSVC (Organization's Worst-case Scenario)
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
Timeline
  • 2018-02-15 CVE Reserved
  • 2018-06-13 CVE Published
  • 2024-01-31 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Affected Vendors, Products, and Versions

Vendor   Product   Version              Other   Status
Nodejs   Node.js   > 6.9.0 < 6.14.3     lts     Affected
Nodejs   Node.js   >= 8.9.0 < 8.11.3    lts     Affected
Nodejs   Node.js   >= 9.0.0 < 9.11.2    -       Affected