CVE-2017-16030

HIGH

useragent < 2.1.12 - Uncontrolled Resource Consumption via Long Useragent Header


Description

Useragent is used to parse User-Agent headers, and it uses several regular expressions to do so. An attacker could edit their own request headers to send an arbitrarily long User-Agent string, causing the event loop and server to block while the string is parsed. This affects Useragent 2.1.12 and earlier.

References (1)

Exploit, Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/312

Scores

CVSS v3 7.5
EPSS 0.0116
EPSS Percentile 63.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (2)
npm/useragent 0 - 2.1.13 (npm)
useragent_project/useragent < 2.1.12
Published Jun 04, 2018
Tracked Since Feb 18, 2026