CVE-2018-7161

Impact: Moderate
Public Date: 2018-06-12
CWE: CWE-400
Bugzilla: 1591013: CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash

The MITRE CVE dictionary describes this issue as:

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

Find out more about CVE-2018-7161 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 7.5
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: High

Affected Packages State

Platform | Package | State
Red Hat Software Collections for Red Hat Enterprise Linux | rh-nodejs6-nodejs | Not affected
Red Hat Software Collections for Red Hat Enterprise Linux | rh-nodejs8-nodejs | Affected
Red Hat Software Collections for Red Hat Enterprise Linux | rh-nodejs4-nodejs | Not affected
Red Hat OpenShift Enterprise 3.10 | logging-kibana | Not affected
Red Hat OpenShift Enterprise 3.10 | logging-auth-proxy | Not affected
Red Hat OpenShift Application Runtimes 1.0 | rhoar-nodejs | Not affected
Red Hat Mobile Application Platform On-Premise 4 | nodejs | Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation
