CVE-2018-3739

CRITICAL

https-proxy-agent < 2.1.1 - Denial of Service via Auth Parameter Buffer Handling

Title source: llm
STIX 2.1

Description

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/319532

Scores

CVSS v3 9.1
EPSS 0.0201
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125 CWE-400
Status published
Products (2)
https-proxy-agent_project/https-proxy-agent < 2.2.0
npm/https-proxy-agent 0 - 2.2.0npm
Published Jun 07, 2018
Tracked Since Feb 18, 2026