跳转到帖子

Rocky Linux: CVE-2024-28863: nodejs-18 (Multiple Advisories)

recommended_posts

发布于
  • Members

Rocky Linux: CVE-2024-28863: nodejs-18 (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/21/2024
Created
09/18/2024
Added
09/17/2024
Modified
11/18/2024

Description

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

Solution(s)

  • rocky-upgrade-nodejs
  • rocky-upgrade-nodejs-debuginfo
  • rocky-upgrade-nodejs-debugsource
  • rocky-upgrade-nodejs-devel
  • rocky-upgrade-nodejs-full-i18n
  • rocky-upgrade-npm

References

  • https://attackerkb.com/topics/cve-2024-28863
  • CVE - 2024-28863
  • https://errata.rockylinux.org/RLSA-2024:5814
  • https://errata.rockylinux.org/RLSA-2024:6147
  • https://errata.rockylinux.org/RLSA-2024:6148
  • 查看数 701
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…