admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 09:41:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-71xx/CVE-2018-7167.json

135 lines
4.4 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2018-7167",
"sourceIdentifier": "cve-request@iojs.org",
"published": "2018-06-13T16:29:01.860",
"lastModified": "2022-08-29T20:24:33.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable."
},
{
"lang": "es",
"value": "La llamada a Buffer.fill() o Buffer.alloc() con algunos par\u00e1metros puede conducir a un bloqueo y a una denegaci\u00f3n de servicio (DoS) posterior. Para abordar esta vulnerabilidad, las implementaciones de Buffer.alloc() y Buffer.fill() se actualizaron para que se llenen con cero en lugar de bloquearse en este tipo de casos. Todas las versiones de Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\") 9.x son vulnerables. Todas las versiones de Node.js 10.x (actual) NO son vulnerables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"versionStartExcluding": "6.9.0",
"versionEndExcluding": "6.14.3",
"matchCriteriaId": "53E60710-2BE3-4FA1-8987-1D7C0965B779"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "8.9.0",
"versionEndExcluding": "8.11.3",
"matchCriteriaId": "8944CA8D-4792-4FF8-98C1-9C945F55973F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.11.2",
"matchCriteriaId": "8C9ECBEB-3A20-44AC-86B9-D4051BC64656"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/106363",
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202003-48",
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue Copy Permalink