PT-2017-13753 · Node.Js+2 · Node.Js+2

Publicado

2017-10-30

Atualizado

2026-05-18

CVE-2017-14919

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 4.8.5 Node.js versions 6.x prior to 6.11.5 Node.js versions 8.x prior to 8.8.0

Description The issue allows remote attackers to cause a denial of service by leveraging a change in the zlib module, making 8 an invalid value for the windowBits parameter. This change can lead to an uncaught exception and crash.

Recommendations For Node.js versions prior to 4.8.5, update to version 4.8.5 or later. For Node.js versions 6.x prior to 6.11.5, update to version 6.11.5 or later. For Node.js versions 8.x prior to 8.8.0, update to version 8.8.0 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2018-1303

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2017-14919

SUSE-SU-2018:0002-1

SUSE-SU-2018:0293-1

SUSE-SU-2018_0002-1

SUSE-SU-2018_0293-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

Produtos afetados

Alt Linux

Node.Js

Suse

PT-2017-13753 · Node.Js+2 · Node.Js+2

CVE-2017-14919

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 389