CVE-2018-3739

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-3739

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3739.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-3739

Aliases

GHSA-8g7p-74h8-hg48

Related

CGA-qh9f-pqr2-gq27

Published

2018-06-07T02:29:08.973Z

Modified

2026-03-14T09:29:35.919554Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

References

https://hackerone.com/reports/319532

Affected packages

Git / github.com/tootallnate/node-https-proxy-agent

Affected ranges

Type

GIT

Repo

https://github.com/tootallnate/node-https-proxy-agent

Events

Introduced

Fixed

5555794b6d9e4b0a36fac80a2d3acea876a8f7dc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.0"
        }
    ]
}

Affected versions

1.*

1.0.0

2.*

2.0.0

2.1.0

2.1.1

2.2.0

2.2.1

2.2.2

3.*

3.0.0

3.0.1

4.*

4.0.0

5.*

5.0.0

5.0.1

agent-base@7.*

agent-base@7.0.1

agent-base@7.0.2

agent-base@7.1.0

agent-base@7.1.1

data-uri-to-buffer@5.*

data-uri-to-buffer@5.0.1

data-uri-to-buffer@6.*

data-uri-to-buffer@6.0.0

data-uri-to-buffer@6.0.1

data-uri-to-buffer@6.0.2

degenerator@4.*

degenerator@4.0.1

degenerator@4.0.2

degenerator@4.0.3

degenerator@4.0.4

degenerator@5.*

degenerator@5.0.0

degenerator@5.0.1

get-uri@6.*

get-uri@6.0.1

get-uri@6.0.2

get-uri@6.0.3

http-proxy-agent@6.*

http-proxy-agent@6.0.1

http-proxy-agent@6.1.0

http-proxy-agent@7.*

http-proxy-agent@7.0.0

http-proxy-agent@7.0.1

http-proxy-agent@7.0.2

https-proxy-agent@6.*

https-proxy-agent@6.0.0

https-proxy-agent@6.1.0

https-proxy-agent@6.2.0

https-proxy-agent@6.2.1

https-proxy-agent@7.*

https-proxy-agent@7.0.0

https-proxy-agent@7.0.1

https-proxy-agent@7.0.2

https-proxy-agent@7.0.3

https-proxy-agent@7.0.4

pac-proxy-agent@6.*

pac-proxy-agent@6.0.1

pac-proxy-agent@6.0.2

pac-proxy-agent@6.0.3

pac-proxy-agent@6.0.4

pac-proxy-agent@7.*

pac-proxy-agent@7.0.0

pac-proxy-agent@7.0.1

pac-resolver@6.*

pac-resolver@6.0.1

pac-resolver@6.0.2

pac-resolver@7.*

pac-resolver@7.0.0

pac-resolver@7.0.1

proxy-agent@6.*

proxy-agent@6.1.0

proxy-agent@6.1.1

proxy-agent@6.1.2

proxy-agent@6.2.0

proxy-agent@6.2.1

proxy-agent@6.2.2

proxy-agent@6.3.0

proxy-agent@6.3.1

proxy-agent@6.4.0

proxy@2.*

proxy@2.0.1

proxy@2.1.0

proxy@2.1.1

socks-proxy-agent@8.*

socks-proxy-agent@8.0.1

socks-proxy-agent@8.0.2

socks-proxy-agent@8.0.3

tsconfig@0.*

tsconfig@0.0.0

v0.*

v0.0.1

v0.0.2

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3739.json"