Vulnerability Details CVE-2018-7162
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://www.securityfocus.com/bid/104468
- https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
- https://security.gentoo.org/glsa/202003-48
- http://www.securityfocus.com/bid/104468
- https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
- https://security.gentoo.org/glsa/202003-48
Products affected by CVE-2018-7162
-
cpe:2.3:a:nodejs:node.js:10.0.0
-
cpe:2.3:a:nodejs:node.js:10.1.0
-
cpe:2.3:a:nodejs:node.js:10.2.0
-
cpe:2.3:a:nodejs:node.js:10.2.1
-
cpe:2.3:a:nodejs:node.js:10.3.0
-
cpe:2.3:a:nodejs:node.js:10.4.0
-
cpe:2.3:a:nodejs:node.js:9.0.0
-
cpe:2.3:a:nodejs:node.js:9.1.0
-
cpe:2.3:a:nodejs:node.js:9.10.0
-
cpe:2.3:a:nodejs:node.js:9.10.1
-
cpe:2.3:a:nodejs:node.js:9.11.0
-
cpe:2.3:a:nodejs:node.js:9.11.1
-
cpe:2.3:a:nodejs:node.js:9.2.0
-
cpe:2.3:a:nodejs:node.js:9.2.1
-
cpe:2.3:a:nodejs:node.js:9.3.0
-
cpe:2.3:a:nodejs:node.js:9.4.0
-
cpe:2.3:a:nodejs:node.js:9.5.0
-
cpe:2.3:a:nodejs:node.js:9.6.0
-
cpe:2.3:a:nodejs:node.js:9.6.1
-
cpe:2.3:a:nodejs:node.js:9.7.0
-
cpe:2.3:a:nodejs:node.js:9.7.1
-
cpe:2.3:a:nodejs:node.js:9.8.0
-
cpe:2.3:a:nodejs:node.js:9.9.0