D17-3g871
CVSS:
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
False Positive:
f
Variants:
1
Year:
2017
Description
This strike identifies a vulnerability in the Node.js zlib library. zlib has issues when trying to deflate an 8 bit windowBit value and will throw a z_stream_error when encountered. Node.js does not properly handle this exception, and this vulnerability can be demonstrated using the WebSocket extension for Node because it allows for the windowBit value to be set in the headers.