GHSA-V6CJ-R88P-92RM

Vulnerability from github – Published: 2019-09-30 19:31 – Updated: 2021-09-20 15:40
VLAI?
Summary
Buffer Overflow in centra
Details

Denial of Service

Impact

Affected Centra versions will, when not in stream mode, buffer responses to requests into memory with no size limit. This issue affects anyone requesting content from untrusted sources.

Patches

Version 2.4.0 resolves the issue by limiting the size of buffered response body.

Workarounds

Attempting workarounds isn't recommended. Updating is preferred.

For more information

If you have any questions or comments about this advisory, open an issue in ethanent/centra.

Severity ?
7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "centra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:57:00Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Denial of Service\n\n### Impact\n\nAffected Centra versions will, when not in stream mode, buffer responses to requests into memory with no size limit. This issue affects anyone requesting content from untrusted sources.\n\n### Patches\n\nVersion 2.4.0 resolves the issue by limiting the size of buffered response body.\n\n### Workarounds\n\nAttempting workarounds isn\u0027t recommended. Updating is preferred.\n\n### For more information\n\nIf you have any questions or comments about this advisory, open an issue in [ethanent/centra](https://github.com/ethanent/centra).\n\n",
  "id": "GHSA-v6cj-r88p-92rm",
  "modified": "2021-09-20T15:40:54Z",
  "published": "2019-09-30T19:31:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ethanent/centra/security/advisories/GHSA-v6cj-r88p-92rm"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-v6cj-r88p-92rm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ethanent/centra"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-CENTRA-536073"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Buffer Overflow in centra"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.