CVE-2021-39157 - OpenCVE

detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Detect-character-encoding Project	Detect-character-encoding

Configuration 1 [-]

cpe:2.3:a:detect-character-encoding_project:detect-character-encoding:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a
https://github.com/sonicdoe/detect-character-encoding/issues/15
https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-24T18:15:11

Updated: 2024-08-04T01:58:18.139Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39157

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-24T19:15:32.127

Modified: 2021-09-01T01:03:54.040

Link: CVE-2021-39157

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "detect-character-encoding", "vendor": "sonicdoe", "versions": [{"status": "affected", "version": "< 0.7.0"}]}], "descriptions": [{"lang": "en", "value": "detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-24T18:15:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}], "source": {"advisory": "GHSA-jqfh-8hw5-fqjr", "discovery": "UNKNOWN"}, "title": "Improper Handling of Exceptional Conditions in detect-character-encoding", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39157", "STATE": "PUBLIC", "TITLE": "Improper Handling of Exceptional Conditions in detect-character-encoding"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "detect-character-encoding", "version": {"version_data": [{"version_value": "< 0.7.0"}]}}]}, "vendor_name": "sonicdoe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr", "refsource": "CONFIRM", "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}, {"name": "https://github.com/sonicdoe/detect-character-encoding/issues/15", "refsource": "MISC", "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"name": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a", "refsource": "MISC", "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}]}, "source": {"advisory": "GHSA-jqfh-8hw5-fqjr", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:18.139Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39157", "datePublished": "2021-08-24T18:15:11", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.139Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:detect-character-encoding_project:detect-character-encoding:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E74204E5-7337-49D3-BCC3-EEC4DE5ACD65", "versionEndExcluding": "0.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue."}, {"lang": "es", "value": "detect-character-encoding, es una biblioteca de inspecci\u00f3n de codificaci\u00f3n de caracteres de c\u00f3digo abierto. En detect-character-encoding versiones v0.6.0 y anteriores, los datos que no coinciden con ning\u00fan conjunto de caracteres causan que el proceso Node.js se bloquee. El problema ha sido parcheado en [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No se presentan soluciones disponibles y todos los usuarios deber\u00edan actualizar para resolver este problema."}], "id": "CVE-2021-39157", "lastModified": "2021-09-01T01:03:54.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-24T19:15:32.127", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sonicdoe/detect-character-encoding/issues/15"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "security-advisories@github.com", "type": "Secondary"}]}