Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-16098

UNKNOWN
Published 2018-06-07T02:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-16098. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

charset node module

Affected Versions:

<1.0.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Regular Expression Denial of Service in charset

GHSA-9cp3-fh5x-xfcj

Advisory Details

Affected versions of `charset` are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the `-DHTTP_MAX_HEADER_SIZE` however, the impact of the vulnerability can be significant, as the primary limitation for the vulnerability is the default max HTTP header length in node. ## Recommendation Update to version 1.0.1 or later.

Affected Packages

npm charset
ECOSYSTEM: ≥0 <1.0.1

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-16098
WEB https://github.com/node-modules/charset/issues/10
WEB https://github.com/node-modules/charset/pull/11
WEB https://github.com/node-modules/charset/commit/effda0c48c51b47a47f4cad7db0c51ee7407cc1b
PACKAGE https://github.com/node-modules/charset

Advisory provided by GitHub Security Advisory Database. Published: August 9, 2018, Modified: March 31, 2023

References

https://nodesecurity.io/advisories/524
https://github.com/node-modules/charset/issues/10
Published: 2018-06-07T02:00:00Z
Last Modified: 2024-09-16T18:03:05.636Z
Copied to clipboard!