rpm package
suse/nodejs6&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/nodejs6&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14919 | High | 7.5 | | < 6.12.2-11.8.1 | 6.12.2-11.8.1 | Oct 30, 2017 | Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. |
| CVE-2017-3735 | Medium | 5.3 | | < 6.12.2-11.8.1 | 6.12.2-11.8.1 | Aug 28, 2017 | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g |
| CVE-2017-11499 | High | 7.5 | | < 6.11.1-11.5.1 | 6.11.1-11.5.1 | Jul 25, 2017 | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building |
| CVE-2017-1000381 | High | 7.5 | | < 6.11.1-11.5.1 | 6.11.1-11.5.1 | Jul 7, 2017 | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. |