CVE-2013-4450

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4450 at MITRE

Description

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

SUSE information

SUSE Bugzilla entry: 846808

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • nodejs >= 0.8.12-3.4.1
  • nodejs-debuginfo >= 0.8.12-3.4.1
  • nodejs-debugsource >= 0.8.12-3.4.1
  • nodejs-devel >= 0.8.12-3.4.1
Patchnames:
openSUSE-2013-965
openSUSE 13.1
  • nodejs >= 0.10.5-3.4.1
  • nodejs-debuginfo >= 0.10.5-3.4.1
  • nodejs-debugsource >= 0.10.5-3.4.1
  • nodejs-devel >= 0.10.5-3.4.1
Patchnames:
openSUSE-2013-965