PT-2018-16160 · Unknown · Https-Proxy-Agent

Publicado

2018-07-27

·

Atualizado

2018-07-27

·

CVE-2018-3736

CVSS v3.1

9.1

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions https-proxy-agent versions prior to 2.2.0
Description The issue is related to a denial of service caused by unsanitized options, specifically proxy.auth, being passed to Buffer().
Recommendations Update to version 2.2.0 or later.

Correção

Out of bounds Read

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-400

Identificadores relacionados

CVE-2018-3736
GHSA-8G7P-74H8-HG48

Produtos afetados

Https-Proxy-Agent