
CVE-2017-16025: Denial of Service in nes

CVSS Score: 4.3

Basic Information

EPSS Score: 0.57825%
Published: 7/24/2018
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Package Name: nes
Ecosystem: npm
Vulnerable Versions: <= 6.4.0
First Patched Version: 6.4.1

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the cookie parsing logic in the _authenticate method. The original code (pre-6.4.1) used a callback that ignored parsing errors (ignoreErr parameter), proceeding to access state[config.cookie] even when parsing failed. The commit 249ba17 fixed this by adding error handling to the cookie parsing callback. The stack trace in GitHub issue #171 directly points to line 540 in socket.js where the unhandled null state access occurs, confirming this function's role in the vulnerability.
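The pattern described above, as an added illustration that is not code from nes or from this page: a callback that ignores the parser's error argument next to one that checks it. The parser `parseCookies`, the two `authenticate*` functions, the cookie name and the sample headers are all constructed for this sketch.

```javascript
// Hypothetical stand-in for a cookie-state parser: on a malformed header it
// reports an error and hands the callback a null state.
const parseCookies = (header, callback) => {
    const state = {};
    for (const pair of header.split(';')) {
        const idx = pair.indexOf('=');
        if (idx < 1) {
            return callback(new Error('Invalid cookie header'), null);
        }
        state[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim();
    }
    return callback(null, state);
};

const config = { cookie: 'nes' };    // assumed name of the authentication cookie

// Pre-fix pattern: the error argument is named and then ignored, so a failed
// parse still reaches the property access and throws a TypeError. Inside a
// server's upgrade handler nothing catches that exception.
const authenticateVulnerable = (header) => {
    let auth;
    parseCookies(header, (ignoreErr, state) => {
        auth = state[config.cookie];
    });
    return { ok: true, auth };
};

// Post-fix pattern: check the error first and reject the request cleanly.
const authenticateFixed = (header) => {
    let result;
    parseCookies(header, (err, state) => {
        if (err || !state) {
            result = { ok: false, reason: 'Invalid authentication cookie' };
            return;
        }
        result = { ok: true, auth: state[config.cookie] };
    });
    return result;
};

// Constructed sample headers: one well-formed, one with no name=value pair.
const VALID_HEADER = 'nes=abc123; theme=dark';
const INVALID_HEADER = 'nes';
```

A regression test for the fix should send the malformed header and assert that the handler returns an authentication failure rather than raising.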


Affected versions of `nes` are vulnerable to denial of service when given an invalid `cookie` header, and websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to throw
