Bug 1561981 (CVE-2018-7159) - CVE-2018-7159 nodejs: HTTP parser allowed for spaces inside Content-Length header values
Summary: CVE-2018-7159 nodejs: HTTP parser allowed for spaces inside Content-Length he...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-7159
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1562026 1562027 1562028 1565042 1565043 1565044 1565269 1654223 1666024
Blocks: 1561984
TreeView+ depends on / blocked
 
Reported: 2018-03-29 09:51 UTC by Adam Mariš
Modified: 2020-11-05 10:32 UTC (History)
22 users (show)

Fixed In Version: nodejs 8.11.0, nodejs 6.14.0, nodejs 4.9.0, nodejs 9.10.0, http-parser 2.8.1
Doc Type: If docs needed, set a value
Doc Text:
It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior.
Clone Of:
Environment:
Last Closed: 2019-08-06 19:18:42 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2258 0 None None None 2019-08-06 12:33:10 UTC

Description Adam Mariš 2018-03-29 09:51:10 UTC 
The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values.

References:

https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md
Comment 1 Adam Mariš 2018-03-29 12:07:38 UTC 
Created nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1562027]
Affects: epel-all [bug 1562026]
Comment 5 Cedric Buissart 2018-04-06 11:57:34 UTC 
Upstream fix: https://github.com/nodejs/node/commit/c39167dc26
Comment 9 Jason Shepherd 2018-06-13 21:20:46 UTC 
NodeJS is only packaged as an ImageStream in Openshift Enterprise 3.9, which is a container image from RH Software Collections. Marking Openshift Enterprise as not affected.
Comment 10 Cedric Buissart 2018-11-08 15:19:03 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2018:2949 https://access.redhat.com/errata/RHSA-2018:2949
Comment 20 errata-xmlrpc 2019-08-06 12:33:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2258 https://access.redhat.com/errata/RHSA-2019:2258
Comment 21 Product Security DevOps Team 2019-08-06 19:18:42 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-7159
Note You need to log in before you can comment on or make changes to this bug.