PT-2018-17922 · Node.js+2

Jordan Zebor · Published 2018-06-13 · Updated 2026-05-18 · CVE-2018-7161

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Node.js versions 8.x through 10.x

Description

The issue allows an attacker to cause a denial of service (DoS) by crashing a Node.js server that provides an http2 server. This is achieved by interacting with the http2 server in a way that triggers a cleanup bug, where objects are used in native code after they are no longer available.

Recommendations

For Node.js versions 8.x through 10.x, update the http2 implementation to address the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1961
BDU:2026-01434
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2018-7161
OPENSUSE-SU-2018_1963-1
RHSA-2018:2949
SUSE-SU-2018:1918-1
SUSE-SU-2019:14246-1
SUSE-SU-2019_14246-1

Affected Products

ALT Linux
Node.js
SUSE