Candidate: CVE-2017-14919
PublicDate: 2017-10-30 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14919
 https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
Description:
 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote
 attackers to cause a denial of service (uncaught exception and crash) by
 leveraging a change in the zlib module 1.2.9 making 8 an invalid value for
 the windowBits parameter.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_nodejs:
upstream_nodejs: released (4.8.5, 6.11.5, 8.8.0)
precise/esm_nodejs: DNE
trusty_nodejs: not-affected (code not present)
trusty/esm_nodejs: not-affected (code not present)
xenial_nodejs: not-affected (code not present)
zesty_nodejs: ignored (reached end-of-life)
artful_nodejs: ignored (reached end-of-life)
bionic_nodejs: not-affected (8.10.0~dfsg-2)
devel_nodejs: not-affected (8.11.2~dfsg-1)