Resource exhaustion in Node.js - CVE-2018-7164

 


Published: June 18, 2018


Vulnerability identifier: #VU13378
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7164
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Node.js Foundation
Affected software:
Node.js

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to insufficient input validation when reading from the network into JavaScript using the net.Socket object directly as a stream. A remote attacker can send tiny chunks of data in short succession, trigger resource exhaustion and cause the server to crash.


How to mitigate CVE-2018-7164

Update to version 10.4.1.
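
For services that read from net.Socket directly as a stream, a per-connection guard can flag and drop peers that deliver tiny chunks in short succession, the traffic pattern described above. This is an added example, not code from the advisory or from Node.js; the names TinyChunkMonitor, guardSocket, firstTrip and the onTrip hook, and all thresholds, are assumptions, and the guard supplements the update rather than replacing it.

```javascript
// Added example (not from the advisory). Thresholds are constructed
// assumptions; tune them to the protocol the service actually speaks.
class TinyChunkMonitor {
  constructor({ tinyBytes = 16, maxTinyChunks = 200, windowMs = 1000 } = {}) {
    this.tinyBytes = tinyBytes;         // chunks at or below this size count as "tiny"
    this.maxTinyChunks = maxTinyChunks; // tiny chunks tolerated per window
    this.windowMs = windowMs;           // sliding window length in milliseconds
    this.stamps = [];                   // arrival times of tiny chunks in the window
  }

  // Record one chunk. Returns true once the tiny-chunk rate exceeds the limit.
  observe(byteLength, nowMs = Date.now()) {
    while (this.stamps.length && nowMs - this.stamps[0] >= this.windowMs) {
      this.stamps.shift(); // forget chunks that have left the window
    }
    if (byteLength <= this.tinyBytes) this.stamps.push(nowMs);
    return this.stamps.length > this.maxTinyChunks;
  }
}

// Attach the monitor to a net.Socket that is consumed directly as a stream.
// onTrip is a hypothetical hook for logging or alerting.
function guardSocket(socket, options = {}, onTrip = () => {}) {
  const monitor = new TinyChunkMonitor(options);
  let tripped = false;
  socket.on('data', (chunk) => {
    if (tripped || !monitor.observe(chunk.length)) return;
    tripped = true;
    onTrip({ remote: socket.remoteAddress, tinyChunks: monitor.stamps.length });
    socket.destroy(); // stop reading from this peer
  });
  return monitor;
}

// Constructed replay helper: feeds [byteLength, timestampMs] pairs to a fresh
// monitor and returns the index of the chunk that trips it, or -1.
function firstTrip(events, options) {
  const monitor = new TinyChunkMonitor(options);
  return events.findIndex(([len, t]) => monitor.observe(len, t));
}
```

In a server, call guardSocket(socket) inside the connection handler before any other 'data' listener is attached.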
