Node.js zlib Module DoS (Jan 27, 2018)

Node.js is an open-source, cross-platform JavaScript run-time environment for executing JavaScript code server-side. A denial of service vulnerability exists in Node.js. When the zlib v1.2.9 component in Node.js handles the 8-bit Z_STREAM_ERROR error code, there is an logic error that ignored certain values, causing an unhandled exception. An attacker could cause denial of service by sending a certain crafted HTTP request via the WebSocket protocol. The affected version includes node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0.

Read More…