CVE-2014-3742
EPSS 0.73%
File Descriptor Leak Can Cause DoS Vulnerability in hapi
Published: 10/24/2017
Modified: 11/8/2023
Description
Versions 2.0.x and 2.1.x of hapi are vulnerable to a denial of service attack via a file descriptor leak. When triggered repeatedly, this leak will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.
Recommendation
- Please upgrade to version 2.2.x or above as soon as possible.
Affected packages (1)
- npm/hapi >= 2.0.0, < 2.2.0
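To check whether a project resolves hapi into the affected range listed above, the following added example (not part of the advisory or of hapi's own code) walks a parsed package-lock.json in both the nested and the flat lockfile layouts. The function names and sample lockfiles are constructed for illustration, and prerelease tags are ignored as a simplifying assumption.

```javascript
// Added example: flag hapi installs in the affected range (>= 2.0.0, < 2.2.0).
// Parse "major.minor.patch"; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True for 2.0.x and 2.1.x, i.e. >= 2.0.0 and < 2.2.0.
function isAffectedHapi(version) {
  const p = parseVersion(version);
  return p !== null && p[0] === 2 && p[1] < 2;
}

// Return [{ path, version }] for every affected hapi copy in a parsed lockfile.
function findAffectedHapi(lock) {
  const hits = [];
  const check = (name, path, meta) => {
    if (name === "hapi" && isAffectedHapi(meta.version)) hits.push({ path, version: meta.version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    check(path.split("node_modules/").pop(), path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      check(name, path, meta);
      walk(meta.dependencies, path + "/");
    }
  };
  // v2 lockfiles carry both sections; use "dependencies" only when "packages" is absent.
  walk(lock.packages ? null : lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/hapi": { version: "2.1.2" },
  "node_modules/some-plugin/node_modules/hapi": { version: "2.2.0" },
  "node_modules/@example/hapi": { version: "2.0.0" }, // different package name
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "some-plugin": { version: "0.3.0", dependencies: { hapi: { version: "2.0.0" } } },
  hapi: { version: "1.20.0" },
} };
console.log(findAffectedHapi(sampleV3), findAffectedHapi(sampleV1));
```

Transitive copies matter here: a plugin that pins its own hapi 2.0.x or 2.1.x keeps the leak in the process even when the top-level dependency is patched.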
References (7)
- ADVISORY https://github.com/advisories/GHSA-cqr7-78pj-3g7j
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3742
- PATCH https://github.com/spumko/hapi
- WEB https://github.com/spumko/hapi/issues/1427
- WEB https://www.npmjs.com/advisories/11
- WEB http://www.openwall.com/lists/oss-security/2014/05/13/1
- WEB http://www.openwall.com/lists/oss-security/2014/05/15/2