CVE-2019-10196 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-10196 Interim 1 10 2025-02-17T02:09:13Z current 2021-05-30T14:26:46Z 2025-02-17T02:09:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE Studio Onsite 1.3 nodejs nodejs10 nodejs10-devel nodejs10-docs nodejs4 nodejs4-devel nodejs4-docs nodejs6 nodejs6-devel nodejs6-docs nodejs8 nodejs8-devel nodejs8-docs npm10 npm4 npm6 npm8 nodejs4 as a component of SUSE Enterprise Storage 4 nodejs6 as a component of SUSE Enterprise Storage 4 nodejs10 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm10 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm4 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm6 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs10-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs10-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 15 npm10 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 15 npm8 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs6 as a component of SUSE OpenStack Cloud 7 nodejs6 as a component of SUSE OpenStack Cloud Crowbar 8 nodejs as a component of SUSE Studio Onsite 1.3 A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. CVE-2019-10196 SUSE Enterprise Storage 4:nodejs4 SUSE Enterprise Storage 4:nodejs6 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs SUSE Linux Enterprise Module for Web and Scripting 12:npm10 SUSE Linux Enterprise Module for Web and Scripting 12:npm4 SUSE Linux Enterprise Module for Web and Scripting 12:npm6 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs SUSE Linux Enterprise Module for Web and Scripting 15:npm10 SUSE Linux Enterprise Module for Web and Scripting 15:npm8 SUSE OpenStack Cloud 7:nodejs6 SUSE OpenStack Cloud Crowbar 8:nodejs6 SUSE Studio Onsite 1.3:nodejs important 9 AV:N/AC:L/Au:N/C:P/I:P/A:C 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L