MGASA-2014-0007

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0007.html

Import Source

https://advisories.mageia.org/MGASA-2014-0007.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0007

Related

CVE-2013-4450
CVE-2013-6639
CVE-2013-6640

Published

2014-01-06T01:20:19Z

Modified

2014-01-06T01:20:16Z

Summary

Updated nodejs package fixes security vulnerabilities

Details

A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is exhausted (CVE-2013-4450).

Denial of service issues in the bundled v8 JavaScript library (CVE-2013-6639, CVE-2013-6640).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / nodejs

Package

Name: nodejs
Purl: pkg:rpm/mageia/nodejs?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.24-1.mga3

Ecosystem specific

{
    "section": "core"
}