FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Node.js -- remote DOS security vulnerability

Affected packages
node < 8.8.0
6.10.2 <= node6 < 6.11.5
4.8.2 <= node4 < 4.8.5

Details

VuXML ID d7d1cc94-b971-11e7-af3a-f1035dd0da62
Discovery 2017-10-17
Entry 2017-10-25

Node.js reports:

Node.js was susceptible to a remote DoS attack due to a change that came in as part of zlib v1.2.9. In zlib v1.2.9 8 became an invalid value for the windowBits parameter and Node's zlib module will crash or throw an exception (depending on the version)

References

CVE Name CVE-2017-14919
URL https://nodejs.org/en/blog/vulnerability/oct-2017-dos/