FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Node.js -- remote DOS security vulnerability

Affected packages
node < 8.8.0
6.10.2 <= node6 < 6.11.5
4.8.2 <= node4 < 4.8.5

Details

VuXML ID d7d1cc94-b971-11e7-af3a-f1035dd0da62
Discovery 2017-10-17
Entry 2017-10-25

Node.js reports:

Node.js was susceptible to a remote DoS attack due to a change that came in as part of zlib v1.2.9. In zlib v1.2.9 8 became an invalid value for the windowBits parameter and Node's zlib module will crash or throw an exception (depending on the version)

[source]

References

CVE Name CVE-2017-14919
URL https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.