CVE-2017-16026 - OpenCVE

Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Request Project	Request

Configuration 1 [-]

OR	cpe:2.3:a:request_project:request::::::node.js::*
	cpe:2.3:a:request_project:request::::::node.js::*

References

Link	Resource
https://github.com/request/request/issues/1904	Exploit Issue Tracking Third Party Advisory
https://github.com/request/request/pull/2018	Exploit Issue Tracking Third Party Advisory
https://nodesecurity.io/advisories/309	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2018-04-26T00:00:00

Updated: 2018-06-04T18:57:01

Reserved: 2017-10-29T00:00:00

Link: CVE-2017-16026

JSON object: View

NVD Information

Status : Modified

Published: 2018-06-04T19:29:01.537

Modified: 2019-10-09T23:24:37.767

Link: CVE-2017-16026

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "request node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": ">=2.2.6 <2.47.0 || >2.51.0 <=2.67.0"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Information Exposure Through Sent Data (CWE-201)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-04T18:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/request/request/pull/2018"}, {"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/309"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/request/request/issues/1904"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2017-16026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "request node module", "version": {"version_data": [{"version_value": ">=2.2.6 <2.47.0 || >2.51.0 <=2.67.0"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure Through Sent Data (CWE-201)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/request/request/pull/2018", "refsource": "MISC", "url": "https://github.com/request/request/pull/2018"}, {"name": "https://nodesecurity.io/advisories/309", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/309"}, {"name": "https://github.com/request/request/issues/1904", "refsource": "MISC", "url": "https://github.com/request/request/issues/1904"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-16026", "datePublished": "2018-04-26T00:00:00", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2018-06-04T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "2A6F49D5-3B4E-4458-8619-E9FA7142BAB3", "versionEndExcluding": "2.47.0", "versionStartIncluding": "2.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:request_project:request:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "4A539ABF-1016-49AA-8974-04E5C779E3E2", "versionEndIncluding": "2.67.0", "versionStartExcluding": "2.51.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0."}, {"lang": "es", "value": "Request es un cliente http. Si se hace una petici\u00f3n mediante ```multipart``` y el tipo de cuerpo es ```number```, el n\u00famero especificado de memoria que no es cero se pasa en el cuerpo. Esto afecta a Request desde la versi\u00f3n 2.2.6 hasta la 2.47.0 y desde la versi\u00f3n 2.51.0 hasta la 2.67.0, todas incluidas."}], "id": "CVE-2017-16026", "lastModified": "2019-10-09T23:24:37.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-04T19:29:01.537", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/request/request/issues/1904"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/request/request/pull/2018"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://nodesecurity.io/advisories/309"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-201"}], "source": "support@hackerone.com", "type": "Secondary"}]}