CVE-2018-7167 - OpenCVE

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nodejs	Node.js

Configuration 1 [-]

OR	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

References

Link	Resource
http://www.securityfocus.com/bid/106363	Third Party Advisory VDB Entry
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/	Vendor Advisory
https://security.gentoo.org/glsa/202003-48	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nodejs

Published: 2018-06-12T00:00:00

Updated: 2020-03-20T20:06:09

Reserved: 2018-02-15T00:00:00

Link: CVE-2018-7167

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-06-13T16:29:01.860

Modified: 2022-08-29T20:24:33.207

Link: CVE-2018-7167

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Node.js", "vendor": "The Node.js Project", "versions": [{"status": "affected", "version": "6.x+"}, {"status": "affected", "version": "8.x+"}, {"status": "affected", "version": "9.x+"}, {"status": "affected", "version": "10.x+"}]}], "datePublic": "2018-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-20T20:06:09", "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "shortName": "nodejs"}, "references": [{"name": "106363", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106363"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"}, {"name": "GLSA-202003-48", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-48"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-request@iojs.org", "DATE_PUBLIC": "2018-06-12T00:00:00", "ID": "CVE-2018-7167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Node.js", "version": {"version_data": [{"version_value": "6.x+"}, {"version_value": "8.x+"}, {"version_value": "9.x+"}, {"version_value": "10.x+"}]}}]}, "vendor_name": "The Node.js Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "106363", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106363"}, {"name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"}, {"name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48"}]}}}}, "cveMetadata": {"assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "assignerShortName": "nodejs", "cveId": "CVE-2018-7167", "datePublished": "2018-06-12T00:00:00", "dateReserved": "2018-02-15T00:00:00", "dateUpdated": "2020-03-20T20:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "53E60710-2BE3-4FA1-8987-1D7C0965B779", "versionEndExcluding": "6.14.3", "versionStartExcluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "8944CA8D-4792-4FF8-98C1-9C945F55973F", "versionEndExcluding": "8.11.3", "versionStartIncluding": "8.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "8C9ECBEB-3A20-44AC-86B9-D4051BC64656", "versionEndExcluding": "9.11.2", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable."}, {"lang": "es", "value": "La llamada a Buffer.fill() o Buffer.alloc() con algunos par\u00e1metros puede conducir a un bloqueo y a una denegaci\u00f3n de servicio (DoS) posterior. Para abordar esta vulnerabilidad, las implementaciones de Buffer.alloc() y Buffer.fill() se actualizaron para que se llenen con cero en lugar de bloquearse en este tipo de casos. Todas las versiones de Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\") 9.x son vulnerables. Todas las versiones de Node.js 10.x (actual) NO son vulnerables."}], "id": "CVE-2018-7167", "lastModified": "2022-08-29T20:24:33.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-13T16:29:01.860", "references": [{"source": "cve-request@iojs.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106363"}, {"source": "cve-request@iojs.org", "tags": ["Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"}, {"source": "cve-request@iojs.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-48"}], "sourceIdentifier": "cve-request@iojs.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}