FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3eff66c5-66c9-11e7-aa1d-3d2e663cef42	node.js -- multiple vulnerabilities Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fixes for Node.js dependencies across the current release lines. Constant Hashtable Seeds (CVE pending) Node.js was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Thanks to Jann Horn of Google Project Zero for reporting this vulnerability. This is a high severity vulnerability and applies to all active release lines (4.x, 6.x, 8.x) as well as the 7.x line. http.get with numeric authorization options creates uninitialized buffers Application code that allows the auth field of the options object used with http.get() to be set to a number can result in an uninitialized buffer being created/used as the authentication string. This is a low severity defect and only applies to the 4.x release line. Discovery 2017-06-27 Entry 2017-07-12 node < 8.1.4 node4 < 4.8.4 node6 < 6.11.1 https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

VuXML ID

Description

3eff66c5-66c9-11e7-aa1d-3d2e663cef42

node.js -- multiple vulnerabilities

Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fixes for Node.js dependencies across the current release lines.

Constant Hashtable Seeds (CVE pending)

Node.js was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Thanks to Jann Horn of Google Project Zero for reporting this vulnerability.

This is a high severity vulnerability and applies to all active release lines (4.x, 6.x, 8.x) as well as the 7.x line.

http.get with numeric authorization options creates uninitialized buffers

Application code that allows the auth field of the options object used with http.get() to be set to a number can result in an uninitialized buffer being created/used as the authentication string.

This is a low severity defect and only applies to the 4.x release line.

Discovery 2017-06-27
Entry 2017-07-12
node

< 8.1.4

node4

< 4.8.4

node6

< 6.11.1

https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/