Vulnerability Details CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service (ReDoS). Input of around 50k characters is required to produce a slowdown of around 2 seconds. Unless Node was compiled with the -DHTTP_MAX_HEADER_SIZE= option, the default maximum header length is 80kb, so the impact of the ReDoS is relatively low.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2017-16098
- cpe:2.3:a:charset_project:charset:0.0.1
- cpe:2.3:a:charset_project:charset:0.0.2
- cpe:2.3:a:charset_project:charset:0.1.0
- cpe:2.3:a:charset_project:charset:1.0.0