Threat Encyclopedia

Node.js.nghttp2_frame_altsvc_free.DoS

Description

This indicates an attack attempt to exploit a Denial Of Service Vulnerability in Node.js.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

Node.js Node.js 10.x prior to 10.4.1
Node.js Node.js 8.x to 8.11.3
Node.js Node.js 9.x to 9.11.2

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

CVE References

CVE-2018-1000168