Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2018-7164
  • Nodejs » Node.js » Version: 10.0.0
    cpe:2.3:a:nodejs:node.js:10.0.0
  • Nodejs » Node.js » Version: 10.1.0
    cpe:2.3:a:nodejs:node.js:10.1.0
  • Nodejs » Node.js » Version: 10.2.0
    cpe:2.3:a:nodejs:node.js:10.2.0
  • Nodejs » Node.js » Version: 10.2.1
    cpe:2.3:a:nodejs:node.js:10.2.1
  • Nodejs » Node.js » Version: 10.3.0
    cpe:2.3:a:nodejs:node.js:10.3.0
  • Nodejs » Node.js » Version: 10.4.0
    cpe:2.3:a:nodejs:node.js:10.4.0
  • Nodejs » Node.js » Version: 9.10.0
    cpe:2.3:a:nodejs:node.js:9.10.0
  • Nodejs » Node.js » Version: 9.10.1
    cpe:2.3:a:nodejs:node.js:9.10.1
  • Nodejs » Node.js » Version: 9.11.0
    cpe:2.3:a:nodejs:node.js:9.11.0
  • Nodejs » Node.js » Version: 9.11.1
    cpe:2.3:a:nodejs:node.js:9.11.1
  • Nodejs » Node.js » Version: 9.7.0
    cpe:2.3:a:nodejs:node.js:9.7.0
  • Nodejs » Node.js » Version: 9.7.1
    cpe:2.3:a:nodejs:node.js:9.7.1
  • Nodejs » Node.js » Version: 9.8.0
    cpe:2.3:a:nodejs:node.js:9.8.0
  • Nodejs » Node.js » Version: 9.9.0
    cpe:2.3:a:nodejs:node.js:9.9.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved