CVE-2018-7161

{"id": "CVE-2018-7161", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-13T16:29:01.750", "references": [{"url": "http://www.securityfocus.com/bid/106363", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve-request@iojs.org"}, {"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "tags": ["Patch", "Vendor Advisory"], "source": "cve-request@iojs.org"}, {"url": "https://security.gentoo.org/glsa/202003-48", "tags": ["Third Party Advisory"], "source": "cve-request@iojs.org"}, {"url": "http://www.securityfocus.com/bid/106363", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202003-48", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation."}, {"lang": "es", "value": "Todas las versiones 8.x, 9.x y 10.x de Node.js son vulnerables y la gravedad es ALTA. Un atacante podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) haciendo que un servidor node que proporcione un servidor http2 se cierre inesperadamente. Esto puede lograrse interactuando con el servidor http2 de forma que desencadene un error de limpieza por el cual los objetos se emplean en el c\u00f3digo nativo tras dejar de estar disponibles. Esto ha sido abordado actualizando la implementaci\u00f3n http2."}], "lastModified": "2024-11-21T04:11:42.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5", "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "8944CA8D-4792-4FF8-98C1-9C945F55973F", "versionEndExcluding": "8.11.3", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8C9ECBEB-3A20-44AC-86B9-D4051BC64656", "versionEndExcluding": "9.11.2", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "6F40337E-4705-46D3-9731-A3B3A9303A74", "versionEndExcluding": "10.4.1", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-request@iojs.org"}