Vulnerability Name: CVE-2018-7162 (CCN-144738)

Assigned: 2018-06-12
Published: 2018-06-12
Updated: 2022-08-16
Summary: All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by crashing a Node.js process that provides an HTTP server with TLS support. This can be accomplished by sending duplicate or unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2018-7162

Source: CCN
Type: IBM Security Bulletin 0715995 (i)
Multiple Vulnerabilities in Node.js affect IBM i

Source: CCN
Type: IBM Security Bulletin 2012749 (SDK for Node.js for Bluemix)
Multiple vulnerabilities affect IBM SDK for Node.js in IBM Cloud

Source: BID
Type: Third Party Advisory, VDB Entry
104468

Source: CCN
Type: BID-104468
Node.js CVE-2018-7162 Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
nodejs-cve20187162-dos(144738)

Source: CCN
Type: Node.js Blog, 2018-06-12
June 2018 Security Releases

Source: CONFIRM
Type: Vendor Advisory
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

Source: GENTOO
Type: Third Party Advisory
GLSA-202003-48

Source: CCN
Type: IBM Security Bulletin 718901 (Cloud Private)
Multiple Security Vulnerabilities affect IBM Cloud Private and IBM Cloud Private Cloud Foundry (CVE-2018-7167, CVE-2018-7164, CVE-2018-7162, CVE-2018-1000168, CVE-2018-7161)

Source: CCN
Type: IBM Security Bulletin 2016866 (Business Automation Workflow)
Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:* (Version >= 10.0.0 and < 10.4.1)
  • OR cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:* (Version >= 9.0.0 and < 9.11.2)

Configuration CCN 1:
  • cpe:/a:nodejs:node.js:9.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:nodejs:node.js:9.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:nodejs:node.js:10.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:i2_enterprise_insight_analysis:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:2.1.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20187162 | V | CVE-2018-7162 | 2022-09-02
oval:org.opensuse.security:def:94259 | P | (Important) | 2022-07-12
oval:org.opensuse.security:def:1681 | P | Security update for qemu (Important) (in QA) | 2022-06-13
oval:org.opensuse.security:def:1094 | P | Security update for libqt5-qtbase (Important) | 2022-03-15
oval:org.opensuse.security:def:1689 | P | Security update for python-Twisted (Important) | 2022-02-18
oval:org.opensuse.security:def:71348 | P | mozilla-nspr-32bit-4.20-3.3.2 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:66928 | P | Security update for grafana-piechart-panel (Moderate) | 2021-09-21
oval:org.opensuse.security:def:64761 | P | Security update for java-11-openjdk (Important) | 2021-09-03
oval:org.opensuse.security:def:70284 | P | Security update for mariadb (Moderate) | 2021-08-25
oval:org.opensuse.security:def:48168 | P | libpcap1-1.8.1-10.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47751 | P | libnm-glib-vpn1-1.0.12-13.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48316 | P | sysconfig-0.84.0-13.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47615 | P | gdk-pixbuf-lang-2.34.0-19.17.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47944 | P | alsa-1.0.27.2-15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47616 | P | gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48076 | P | libXfixes3-32bit-5.0.1-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47630 | P | groff-1.22.2-5.287 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:100972 | P | libsha1detectcoll-devel-1.0.3-2.18 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:68008 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important) | 2021-07-14
oval:org.opensuse.security:def:66836 | P | Security update for gupnp (Important) | 2021-06-18
oval:org.opensuse.security:def:48843 | P | imobiledevice-tools-1.2.0-7.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48676 | P | gnome-shell-calendar-3.10.4-22.13 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48741 | P | libproxy1-networkmanager-32bit-0.4.11-11.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48530 | P | libopenssl-devel-1.0.2j-55.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48772 | P | gcc48-gij-32bit-4.8.5-30.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48614 | P | res-signingkeys-3.0.18-26.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:73619 | P | Security update for dtc (Low) | 2021-05-13
oval:org.opensuse.security:def:64674 | P | Security update for python3 (Moderate) | 2021-03-24
oval:org.opensuse.security:def:68108 | P | Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP1) (Important) | 2021-03-17
oval:org.opensuse.security:def:90088 | P | nodejs10-10.15.2-1.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71461 | P | cpp7-7.5.0+r278197-4.16.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2319 | P | nodejs10-10.19.0-1.18.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103743 | P | nodejs10-10.15.2-1.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63400 | P | nodejs10-10.15.2-1.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107638 | P | nodejs10-10.19.0-1.18.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63408 | P | nodejs10-10.19.0-1.18.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:117196 | P | nodejs10-10.19.0-1.18.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2311 | P | nodejs10-10.15.2-1.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:50068 | P | libecpg6 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73501 | P | glibc-devel-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50122 | P | nodejs10 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50076 | P | libsaml-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:70179 | P | log4j12-javadoc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50130 | P | nodejs10 on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.artful:def:20187162000 | V | CVE-2018-7162 on Ubuntu 17.10 (artful) - untriaged. | 2018-06-13
oval:com.ubuntu.bionic:def:201871620000000 | V | CVE-2018-7162 on Ubuntu 18.04 LTS (bionic) - medium. | 2018-06-13
oval:com.ubuntu.bionic:def:20187162000 | V | CVE-2018-7162 on Ubuntu 18.04 LTS (bionic) - medium. | 2018-06-13
oval:com.ubuntu.xenial:def:201871620000000 | V | CVE-2018-7162 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-06-13
oval:com.ubuntu.trusty:def:20187162000 | V | CVE-2018-7162 on Ubuntu 14.04 LTS (trusty) - medium. | 2018-06-13
oval:com.ubuntu.xenial:def:20187162000 | V | CVE-2018-7162 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-06-13
    nodejs node.js *
    nodejs node.js 9.0.0
    nodejs node.js 9.7.0
    nodejs node.js 10.0.0
    ibm business automation workflow 18.0.0.0
    ibm i2 enterprise insight analysis 2.1.7
    ibm cloud private 2.1.0