PT-2018-16162 · Hewlett Packard · Https-Proxy-Agent

Publicado

2018-06-07

Atualizado

2019-10-09

CVE-2018-3739

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions https-proxy-agent versions prior to 2.2.0

Description The issue results in a denial of service and an uninitialized memory leak due to unsanitized options being passed to the Buffer() function. This can occur when an attacker submits typed input to the auth parameter, such as in JSON setups.

Recommendations Update to version 2.2.0 or later.

Exploit

Correção

Out of bounds Read

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-400

Identificadores relacionados

CVE-2018-3739

GHSA-8G7P-74H8-HG48

Produtos afetados

Https-Proxy-Agent

PT-2018-16162 · Hewlett Packard · Https-Proxy-Agent

CVE-2018-3739

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9