Уязвимость CVE-2018-7161: Информация
Описание
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
node | sisyphus | 8.11.3-alt1 | 20.13.1-alt1 | ALT-PU-2018-1961-1 | 209345 | Исправлено |
node | p10 | 8.11.3-alt1 | 16.19.1-alt1 | ALT-PU-2018-1961-1 | 209345 | Исправлено |
node | p9 | 8.11.3-alt1 | 14.17.2-alt1 | ALT-PU-2018-1961-1 | 209345 | Исправлено |
node | p8 | 8.11.4-alt0.M80P.1 | 8.11.4-alt0.M80P.1 | ALT-PU-2018-2477-1 | 213669 | Исправлено |
node | c10f1 | 8.11.3-alt1 | 16.19.1-alt1 | ALT-PU-2018-1961-1 | 209345 | Исправлено |
node | c9f2 | 8.11.3-alt1 | 16.19.1-alt0.c9.1 | ALT-PU-2018-1961-1 | 209345 | Исправлено |
node | p11 | 8.11.3-alt1 | 20.13.1-alt1 | ALT-PU-2018-1961-1 | 209345 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ |
|
106363 |
|
GLSA-202003-48 |
|