UBUNTU-CVE-2018-12121

Source
https://ubuntu.com/security/CVE-2018-12121
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-12121.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-12121
Related
Published
2018-11-28T17:29:00Z
Modified
2024-10-15T14:06:27Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

References

Affected packages

Ubuntu:Pro:14.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.15~dfsg1-4
0.10.21~dfsg1-1
0.10.22~dfsg1-2
0.10.23~dfsg1-1
0.10.23~dfsg1-2
0.10.23~dfsg1-3
0.10.24~dfsg1-1
0.10.25~dfsg2-2
0.10.25~dfsg2-2ubuntu1
0.10.25~dfsg2-2ubuntu1.2
0.10.25~dfsg2-2ubuntu1.2+esm1
0.10.25~dfsg2-2ubuntu1.2+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1
4.2.3~dfsg-1
4.2.4~dfsg-1ubuntu1
4.2.4~dfsg-2
4.2.6~dfsg-1ubuntu1
4.2.6~dfsg-1ubuntu4
4.2.6~dfsg-1ubuntu4.1
4.2.6~dfsg-1ubuntu4.2
4.2.6~dfsg-1ubuntu4.2+esm1
4.2.6~dfsg-1ubuntu4.2+esm2
4.2.6~dfsg-1ubuntu4.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2

8.*

8.10.0~dfsg-2
8.10.0~dfsg-2ubuntu0.2
8.10.0~dfsg-2ubuntu0.3
8.10.0~dfsg-2ubuntu0.4
8.10.0~dfsg-2ubuntu0.4+esm1
8.10.0~dfsg-2ubuntu0.4+esm2
8.10.0~dfsg-2ubuntu0.4+esm3
8.10.0~dfsg-2ubuntu0.4+esm4
8.10.0~dfsg-2ubuntu0.4+esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}