ByteOS Network

NVD Vulnerability Details :

CVE-2018-12121

Modified

Source-cve-request@iojs.org

Published At-28 Nov, 2018 | 17:29

Updated At-27 Dec, 2024 | 16:15

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Node.js (OpenJS Foundation)

>>node.js>>Versions from 6.0.0(inclusive) to 6.15.0(exclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

Node.js (OpenJS Foundation)

>>node.js>>Versions from 8.0.0(inclusive) to 8.14.0(exclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

Node.js (OpenJS Foundation)

>>node.js>>Versions from 10.0.0(inclusive) to 10.14.0(exclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

Node.js (OpenJS Foundation)

>>node.js>>Versions from 11.0.0(inclusive) to 11.3.0(exclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Red Hat, Inc.

>>enterprise_linux>>8.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.1

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.2

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.4

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.6

cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>8.2

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>8.4

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>8.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.2

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.4

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.6

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Secondary	cve-request@iojs.org
CWE-400	Primary	nvd@nist.gov

CWE ID: CWE-400

Type: Secondary

Source: cve-request@iojs.org

CWE ID: CWE-400

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/106043	cve-request@iojs.org	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:1821	cve-request@iojs.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2258	cve-request@iojs.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3497	cve-request@iojs.org	Third Party Advisory
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	cve-request@iojs.org	Patch Vendor Advisory
https://security.gentoo.org/glsa/202003-48	cve-request@iojs.org	Third Party Advisory
http://www.securityfocus.com/bid/106043	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:1821	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2258	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3497	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://security.gentoo.org/glsa/202003-48	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.netapp.com/advisory/ntap-20241227-0008/	af854a3a-2127-422b-91ae-364da2661108	N/A