PT-2017-13753 · Node.Js+2 · Node.Js+2

Published

2017-10-30

Updated

2026-05-18

CVE-2017-14919

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 4.8.5 Node.js versions 6.x prior to 6.11.5 Node.js versions 8.x prior to 8.8.0

Description The issue allows remote attackers to cause a denial of service by leveraging a change in the zlib module, making 8 an invalid value for the windowBits parameter. This change can lead to an uncaught exception and crash.

Recommendations For Node.js versions prior to 4.8.5, update to version 4.8.5 or later. For Node.js versions 6.x prior to 6.11.5, update to version 6.11.5 or later. For Node.js versions 8.x prior to 8.8.0, update to version 8.8.0 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-1303

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2017-14919

SUSE-SU-2018:0002-1

SUSE-SU-2018:0293-1

SUSE-SU-2018_0002-1

SUSE-SU-2018_0293-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

Affected Products

Alt Linux

Node.Js

Suse

PT-2017-13753 · Node.Js+2 · Node.Js+2

CVE-2017-14919

Weakness Enumeration

Related Identifiers

Affected Products

References · 389