CVE-2018-7164
HIGH
Nodejs Node.js < 9.11.2 - Denial of Service
Title source: ruleDescription
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was fixed by reverting to the prior behaviour.
Scores
CVSS v3
7.5
EPSS
0.0107
EPSS Percentile
77.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-400
Status
published
Affected Products (1)
nodejs/node.js
< 9.11.2
Timeline
Published
Jun 13, 2018
Tracked Since
Feb 18, 2026