Upstream information

CVE-2013-4450 at MITRE


The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 846808 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • nodejs >= 0.10.5-3.4.1
  • nodejs-debuginfo >= 0.10.5-3.4.1
  • nodejs-debugsource >= 0.10.5-3.4.1
  • nodejs-devel >= 0.10.5-3.4.1

List of planned updates

The following information is the current evaluation information for this security issue. It might neither be accurate nor complete, Use at own risk.
Product(s) Source package
  • SUSE Studio Onsite 1.3