CVE-2018-12121

First published: Wed Nov 28 2018(Updated: )

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

Credit: cve-request@iojs.org

Affected Software	Affected Version	How to fix
Nodejs Node.js	>=6.0.0<6.15.0
Nodejs Node.js	>=8.0.0<8.14.0
Nodejs Node.js	>=10.0.0<10.14.0
Nodejs Node.js	>=11.0.0<11.3.0
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=8.1
Redhat Enterprise Linux Eus	=8.2
Redhat Enterprise Linux Eus	=8.4
Redhat Enterprise Linux Eus	=8.6
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=8.2
Redhat Enterprise Linux Server Aus	=8.4
Redhat Enterprise Linux Server Aus	=8.6
Redhat Enterprise Linux Server Tus	=8.2
Redhat Enterprise Linux Server Tus	=8.4
Redhat Enterprise Linux Server Tus	=8.6
Redhat Enterprise Linux Workstation	=7.0
redhat/nodejs	<6.15.0	6.15.0
redhat/nodejs	<8.14.0	8.14.0
redhat/nodejs	<10.14.0	10.14.0
redhat/nodejs	<11.3.0	11.3.0

Remedy

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/severity
agent/references
agent/weakness
agent/author
agent/remedy
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-12121
agent/software-canonical-lookup
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/nodejs
canonical/nodejs node.js
version/nodejs node.js/6.0.0
version/nodejs node.js/8.0.0
version/nodejs node.js/10.0.0
version/nodejs node.js/11.0.0
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
version/redhat enterprise linux eus/8.6
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
version/redhat enterprise linux server aus/8.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.2
version/redhat enterprise linux server tus/8.4
version/redhat enterprise linux server tus/8.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
package-manager/redhat

CVE-2018-12121

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact