CVE-2017-11499

Published: 7/25/2017 Last updated: 8/5/2024 Reserved: 7/20/2017

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-npm

Products affected (1)

Product	Vendor	Version
n/a	n/a	QCA6688AQ

References (8)

http://www.securityfocus.com/bid/99959
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
https://access.redhat.com/errata/RHSA-2017:3002
https://access.redhat.com/errata/RHSA-2017:2908
http://www.securityfocus.com/bid/99959
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
https://access.redhat.com/errata/RHSA-2017:3002
https://access.redhat.com/errata/RHSA-2017:2908