VDB
GCVE-110-MAGEIA-2019-277
GCVE-110-MAGEIA-2019-277
Advisory Published
This update provides nodejs v6.17.1 fixing at least the following security
issues:
The c-ares function ares_parse_naptr_reply(), which is used for parsing
NAPTR responses, could be triggered to read memory outside of the given
input buffer (CVE-2017-1000381)
Fix for 'path' module regular expression denial of service (CVE-2018-7158)
Reject spaces in HTTP Content-Length header values (CVE-2018-7159)
Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)
buffer: Fixes Denial of Service vulnerability where calling Buffer.fill()
could hang (CVE-2018-7167)
buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding
(CVE-2018-12115)
Node.js: HTTP request splitting (CVE-2018-12116)
Node.js: Debugger port 5858 listens on any interface by default
(CVE-2018-12120)
Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122)
Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
Node.js: Denial of Service with keep-alive HTTP connections (CVE-2019-5739)
For other fixes in this update, see the referenced release logs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | http-parser | 2.9.2-1.mga6 (unaffected), 0 (affected) | — |
| Mageia | libuv | 0 (affected), 1.16.1-1.mga6 (unaffected) | — |
| Mageia | nodejs | 0 (affected), 6.17.1-8.mga6 (unaffected) | — |
References
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.