CVE-2018-3739 — CRITICAL (9.1)

Q: How severe is CVE-2018-3739?

CVE-2018-3739 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-3739?

Check the references section above for vendor advisories and patch information. Affected products include: Https-Proxy-Agent Project Https-Proxy-Agent.

Vulnerability Description

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Https-Proxy-Agent Project	Https-Proxy-Agent	< 2.2.0

Related Weaknesses (CWE)

CWE-125 CWE-400

References

https://hackerone.com/reports/319532ExploitThird Party Advisory
https://hackerone.com/reports/319532ExploitThird Party Advisory

FAQ

What is CVE-2018-3739?

CVE-2018-3739 is a vulnerability with a CVSS score of 9.1 (CRITICAL). https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i...

How severe is CVE-2018-3739?

CVE-2018-3739 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-3739?

Check the references section above for vendor advisories and patch information. Affected products include: Https-Proxy-Agent Project Https-Proxy-Agent.