Description

The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.

Remediation

References

http://www.openwall.com/lists/oss-security/2014/05/13/1

http://www.openwall.com/lists/oss-security/2014/05/15/2

https://github.com/spumko/hapi/issues/1427

https://nodesecurity.io/advisories/hapi_File_descriptor_leak_DoS_vulnerability

Related Vulnerabilities

CVE-2018-1000191 Vulnerability in maven package com.blackducksoftware.integration:blackduck-detect

CVE-2014-0193 Vulnerability in maven package org.onosproject:onos-netconf-provider-device

CVE-2019-1003052 Vulnerability in maven package org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin

CVE-2023-0100 Vulnerability in maven package org.eclipse.birt:org.eclipse.birt.report.viewer

CVE-2018-11047 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa

Severity

Critical

Classification

CWE-399

Tags

Vendor Advisory