Upstream information

CVE-2013-4450 at MITRE


The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

SUSE information

Overall state of this security issue: Pending

This issue is currently rated as having low severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 846808 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • nodejs >= 0.8.12-3.4.1
  • nodejs-debuginfo >= 0.8.12-3.4.1
  • nodejs-debugsource >= 0.8.12-3.4.1
  • nodejs-devel >= 0.8.12-3.4.1
openSUSE 13.1
  • nodejs >= 0.10.5-3.4.1
  • nodejs-debuginfo >= 0.10.5-3.4.1
  • nodejs-debugsource >= 0.10.5-3.4.1
  • nodejs-devel >= 0.10.5-3.4.1

List of planned updates

The following information is the current evaluation information for this security issue. It might neither be accurate nor complete, Use at own risk.
Product(s) Source package
  • SUSE Studio Onsite 1.3

Status of this issue by product and package

Product(s) Source package State
SUSE Studio Onsite 1.3 nodejs Affected