CVE-2018-7162

{"id": "CVE-2018-7162", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-13T16:29:01.780", "references": [{"url": "http://www.securityfocus.com/bid/104468", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve-request@iojs.org"}, {"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "tags": ["Vendor Advisory"], "source": "cve-request@iojs.org"}, {"url": "https://security.gentoo.org/glsa/202003-48", "tags": ["Third Party Advisory"], "source": "cve-request@iojs.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation."}, {"lang": "es", "value": "Todas las versiones 9.x y 10.x de Node.js son vulnerables y la gravedad es ALTA. Un atacante podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) haciendo que un proceso node que proporcione un servidor http de soporte de un servidor TLS se cierre inesperadamente. Esto puede lograrse mediante el env\u00edo de mensajes duplicados/inesperados durante el handshake. Esto ha sido abordado actualizando la implementaci\u00f3n TLS."}], "lastModified": "2022-08-16T13:00:43.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8C9ECBEB-3A20-44AC-86B9-D4051BC64656", "versionEndExcluding": "9.11.2", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "6F40337E-4705-46D3-9731-A3B3A9303A74", "versionEndExcluding": "10.4.1", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-request@iojs.org"}