PT-2018-17923 · Node.Js · Node.Js
Jordan Zebor
·
Published
2018-06-13
·
Updated
2022-08-16
·
CVE-2018-7162
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Node.js versions 9.x through 10.x
Description
The issue allows an attacker to cause a denial of service (DoS) by crashing a node process that provides an http server supporting TLS server. This can be accomplished by sending duplicate or unexpected messages during the handshake.
Recommendations
For Node.js versions 9.x through 10.x, update the TLS implementation to address the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Node.Js