CVE-2017-14919
CVSS 7.5 - HIGH
Description
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Affected Products
23| Vendor | Product | Version |
|---|---|---|
| nodejs | node.js |
4.8.2
|
| nodejs | node.js |
4.8.3
|
| nodejs | node.js |
4.8.4
|
| nodejs | node.js |
6.10.2
|
| nodejs | node.js |
6.10.3
|
| nodejs | node.js |
6.11.0
|
| nodejs | node.js |
6.11.1
|
| nodejs | node.js |
6.11.2
|
| nodejs | node.js |
6.11.3
|
| nodejs | node.js |
6.11.4
|
| nodejs | node.js |
8.0.0
|
| nodejs | node.js |
8.1.0
|
| nodejs | node.js |
8.1.1
|
| nodejs | node.js |
8.1.2
|
| nodejs | node.js |
8.1.3
|
| nodejs | node.js |
8.1.4
|
| nodejs | node.js |
8.2.0
|
| nodejs | node.js |
8.2.1
|
| nodejs | node.js |
8.3.0
|
| nodejs | node.js |
8.4.0
|
| nodejs | node.js |
8.5.0
|
| nodejs | node.js |
8.6.0
|
| nodejs | node.js |
8.7.0
|
References
Weakness Types
CWE-20
CVE Information
- CVE ID:
CVE-2017-14919- Published:
- 2017-10-30
- Modified:
- 2026-05-13
- CVSS Score:
- 7.5
- Severity:
- HIGH
- Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Vendors
nodejs
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL