PT-2017-12053 · Node.Js+2
Jann Horn · Published 2017-07-25 · Updated 2021-07-28 · CVE-2017-11499
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Node.js versions 4.0 through 4.8.3
Node.js versions 5.x
Node.js versions 6.0 through 6.11.0
Node.js versions 7.0 through 7.10.0
Node.js versions 8.0 through 8.1.3
Description
The issue allows for hash flooding remote Denial of Service (DoS) attacks due to the constant HashTable seed across a given released version of Node.js. This is caused by building with V8 snapshots enabled by default, which overwrites the initially randomized seed on startup.
Recommendations
For Node.js versions 4.0 through 4.8.3, update to a version outside of this range to resolve the issue.
For Node.js versions 5.x, update to a version outside of this range to resolve the issue.
For Node.js versions 6.0 through 6.11.0, update to a version outside of this range to resolve the issue.
For Node.js versions 7.0 through 7.10.0, update to a version outside of this range to resolve the issue.
For Node.js versions 8.0 through 8.1.3, update to a version outside of this range to resolve the issue.
Affected Products
Alt Linux
Node.Js
Suse