CVE-2017-20165

NameCVE-2017-20165
DescriptionA vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The identifier of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-debug (PTS)jessie2.1.0+dfsg-1vulnerable
stretch2.5.1-1vulnerable
buster3.1.0-2fixed
bullseye4.3.1+~cs4.1.5-1fixed
sid, trixie, bookworm4.3.4+~cs4.1.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-debugsourcejessie(unfixed)end-of-life
node-debugsourcestretch(unfixed)end-of-life
node-debugsource(unstable)3.1.0-1

Notes

https://github.com/debug-js/debug/pull/504
https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685

Search for package or bug name: Reporting problems