CVE-2017-16014

NameCVE-2017-16014
DescriptionHttp-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-http-proxy (PTS)sid, trixie, bookworm1.18.1-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-http-proxysource(unstable)(not affected)

Notes

- node-http-proxy <not-affected> (Fixed before initial upload to Debian)
https://nodesecurity.io/advisories/323
https://github.com/nodejitsu/node-http-proxy/pull/101
https://github.com/http-party/node-http-proxy/commit/07c8d2ee6017264c3d4deac9f42ca264a3740b48 (v0.7.0)
Search for package or bug name: Reporting problems