CVE-2021-39157 - OpenCVE

detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Detect-character-encoding Project	Detect-character-encoding

Configuration 1 [-]

cpe:2.3:a:detect-character-encoding_project:detect-character-encoding:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a	Patch Third Party Advisory
https://github.com/sonicdoe/detect-character-encoding/issues/15	Exploit Third Party Advisory
https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-24T18:15:11

Updated: 2021-08-24T18:15:11

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39157

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-24T19:15:32.127

Modified: 2021-09-01T01:03:54.040

Link: CVE-2021-39157

JSON object: View

Redhat Information

No data.

CWE

CWE-755

{"containers": {"cna": {"affected": [{"product": "detect-character-encoding", "vendor": "sonicdoe", "versions": [{"status": "affected", "version": "< 0.7.0"}]}], "descriptions": [{"lang": "en", "value": "detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-24T18:15:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}], "source": {"advisory": "GHSA-jqfh-8hw5-fqjr", "discovery": "UNKNOWN"}, "title": "Improper Handling of Exceptional Conditions in detect-character-encoding", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39157", "STATE": "PUBLIC", "TITLE": "Improper Handling of Exceptional Conditions in detect-character-encoding"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "detect-character-encoding", "version": {"version_data": [{"version_value": "< 0.7.0"}]}}]}, "vendor_name": "sonicdoe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr", "refsource": "CONFIRM", "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}, {"name": "https://github.com/sonicdoe/detect-character-encoding/issues/15", "refsource": "MISC", "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"name": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a", "refsource": "MISC", "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}]}, "source": {"advisory": "GHSA-jqfh-8hw5-fqjr", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39157", "datePublished": "2021-08-24T18:15:11", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2021-08-24T18:15:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:detect-character-encoding_project:detect-character-encoding:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E74204E5-7337-49D3-BCC3-EEC4DE5ACD65", "versionEndExcluding": "0.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue."}, {"lang": "es", "value": "detect-character-encoding, es una biblioteca de inspecci\u00f3n de codificaci\u00f3n de caracteres de c\u00f3digo abierto. En detect-character-encoding versiones v0.6.0 y anteriores, los datos que no coinciden con ning\u00fan conjunto de caracteres causan que el proceso Node.js se bloquee. El problema ha sido parcheado en [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No se presentan soluciones disponibles y todos los usuarios deber\u00edan actualizar para resolver este problema."}], "id": "CVE-2021-39157", "lastModified": "2021-09-01T01:03:54.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-24T19:15:32.127", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "security-advisories@github.com", "type": "Secondary"}]}