CVE-2014-7191
The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash.
Find out more about CVE-2014-7191 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This package is not shipped with any versions of Red Hat Enterprise Linux. Red Hat Software Collections Library components shipping in version 2.2 are affected.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Software Collections for Red Hat Enterprise Linux 7 (nodejs010-nodejs-qs) | RHSA-2016:1380 | 2016-07-05 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 (nodejs010-nodejs-qs) | RHSA-2016:1380 | 2016-07-05 |