Red Hat Bugzilla – Bug 1591018
CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash
Last modified: 2018-09-04 00:11:11 EDT
A flaw was found in all versions of Node.js 9.x and 10.x. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake.
Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 1591021]
Affects: fedora-all [bug 1591019]
RHOAR NodeJS 10.4.1, has already been released with a fix for this issue.
This issue doesn't affect NodeJS 6, or 0.10 used by openshift-enterprise-10/logging-kibana and logging-auth-proxy respectively.