Vigil@nce - Node.js hawk: denial of service via Regular Expression
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious data to Node.js hawk, in order to
trigger a denial of service.
Impacted products: Node.js Modules not comprehensive.
Severity: 2/4.
Creation date: 20/01/2016.
DESCRIPTION OF THE VULNERABILITY
The hawk module can be installed on Node.js.
However, some specific data trigger an overload during the Regular
Expression computation.
An attacker can therefore send malicious data to Node.js hawk, in
order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Node-js-hawk-denial-of-service-via-Regular-Expression-18779