CVE-2014-7191

Reference Links

• https://exchange.xforce.ibmcloud.com/vulnerabilities/96729
• https://www.ibm.com/support/pages/node/7047640 (Advisory)
• http://secunia.com/advisories/60026
• http://secunia.com/advisories/62170
• http://www-01.ibm.com/support/docview.wss?uid=swg21685987
• http://www-01.ibm.com/support/docview.wss?uid=swg21687263
• http://www-01.ibm.com/support/docview.wss?uid=swg21687928
• https://access.redhat.com/errata/RHSA-2016:1380
• https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
• https://github.com/visionmedia/node-querystring/issues/104
• https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
• http://seclists.org/oss-sec/2014/q3/640
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1146055
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1146056
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1146045
• https://access.redhat.com/security/cve/CVE-2014-7191
• https://bugzilla.redhat.com/show_bug.cgi?id=1146054

Parent vulnerabilities

(Appears in the following advisories)

• IBM-7047640

Frequently Asked Questions

• What is CVE-2014-7191?

  CVE-2014-7191 is a vulnerability in Node.js that can be exploited to cause a denial of service.

• How does CVE-2014-7191 affect IBM Security Verify Governance?

  IBM Security Verify Governance version 10.0 is affected by CVE-2014-7191.

• What is the severity of CVE-2014-7191?

  CVE-2014-7191 has a severity level of medium.

• How can CVE-2014-7191 be exploited?

  An attacker can exploit CVE-2014-7191 by parsing a string representing a deeply nested object in the qs module, causing a denial of service.

• Is there a fix available for CVE-2014-7191?

  No specific fix information is available for CVE-2014-7191. Please refer to the IBM Security Verify Governance documentation and support channels for updates and patches.