Red Hat Bugzilla – Bug 1591013
CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash
Last modified: 2018-08-07 00:25:54 EDT
A flaw was found in all versions of Node.js 8.x, 9.x, and 10.x. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available.
Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 1591015]
Affects: fedora-all [bug 1591014]
RHOAR NodeJS 10.4.1, has already been released with a fix for this issue.