Candidate: CVE-2016-4055
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4055
Description:
 The duration function in the moment package before 2.11.2 for Node.js
 allows remote attackers to cause a denial of service (CPU consumption) via
 a long string, aka a "regular expression Denial of Service (ReDoS)."
Ubuntu-Description:
 It was discovered that moment mishandled certain regular expressions. An
 attacker could use this vulnerability to cause a denial of service.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_node-moment:
 upstream: https://github.com/moment/moment/commit/52a807b961ead925be11ff5e632c8f7325a9ce36
upstream_node-moment: released (2.13.0+ds-1)
precise_node-moment: DNE
precise/esm_node-moment: DNE
trusty_node-moment: DNE
trusty/esm_node-moment: DNE
vivid/stable-phone-overlay_node-moment: DNE
vivid/ubuntu-core_node-moment: DNE
wily_node-moment: DNE
xenial_node-moment: ignored (end of standard support, was needed)
yakkety_node-moment: ignored (reached end-of-life)
zesty_node-moment: ignored (reached end-of-life)
artful_node-moment: ignored (reached end-of-life)
bionic_node-moment: not-affected (2.20.1+ds-1)
cosmic_node-moment: not-affected (2.20.1+ds-1)
disco_node-moment: not-affected (2.20.1+ds-1)
eoan_node-moment: not-affected (2.20.1+ds-1)
focal_node-moment: not-affected (2.20.1+ds-1)
groovy_node-moment: not-affected (2.20.1+ds-1)
hirsute_node-moment: not-affected (2.20.1+ds-1)
impish_node-moment: not-affected (2.20.1+ds-1)
jammy_node-moment: not-affected (2.20.1+ds-1)
devel_node-moment: not-affected (2.20.1+ds-1)