ghsa-2m39-62fm-q8r3
Vulnerability from github
Published
2018-08-15 13:22
Modified
2023-01-31 01:55
Severity
Summary
Regular Expression Denial of Service in sshpk
Details
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Recommendation
Update to version 1.13.2, 1.14.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sshpk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-3737"
],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:52:29Z",
"nvd_published_at": "2018-06-07T02:29:00Z",
"severity": "HIGH"
},
"details": "Versions of `sshpk` before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.\n\n\n## Recommendation\n\nUpdate to version 1.13.2, 1.14.1 or later.",
"id": "GHSA-2m39-62fm-q8r3",
"modified": "2023-01-31T01:55:03Z",
"published": "2018-08-15T13:22:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3737"
},
{
"type": "WEB",
"url": "https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/319593"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2m39-62fm-q8r3"
},
{
"type": "WEB",
"url": "https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/606"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial of Service in sshpk"
}
Loading...