CVE-2018-3739
Denial of Service vulnerability in https-proxy-agent (npm)

What is CVE-2018-3739 About?

Versions of `https-proxy-agent` before 2.2.0 are vulnerable to denial of service. The vulnerability arises from passing unsanitized `proxy.auth` options directly to `Buffer()`. This can lead to resource exhaustion if an attacker supplies a sufficiently large input, and exploitation is relatively easy.

Affected Software

https-proxy-agent <2.2.0

Technical Details

The `https-proxy-agent` library, in versions prior to 2.2.0, directly uses the `proxy.auth` option to construct a `Buffer` without proper input validation or size constraints. If an attacker can control the value of `proxy.auth` and provide an extremely long string, the `Buffer` constructor will attempt to allocate a large amount of memory. This can lead to excessive memory consumption, causing the application or system to run out of memory, crash, or become unresponsive, thereby resulting in a denial of service (DoS). The attack leverages the memory allocation mechanism rather than algorithmic complexity.

What is the Impact of CVE-2018-3739?

Successful exploitation may allow attackers to cause a denial of service, making the affected system or application unavailable to legitimate users.

What is the Exploitability of CVE-2018-3739?

Exploitation of this denial of service vulnerability is of low complexity. An attacker needs to be able to supply a very large string for the `proxy.auth` option when using `https-proxy-agent`. No authentication or specific privileges are required to trigger the memory allocation if the `proxy.auth` option is derived from untrusted input. This is typically a remote vulnerability, applicable if the application uses `https-proxy-agent` to connect to a proxy where the authentication credentials can be influenced by an attacker's input (e.g., via environment variables, configuration files, or direct API calls). The risk of exploitation is higher in applications that accept external configuration for proxy settings without validating string lengths or resource limits.
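The type and length validation that the paragraph above says is missing, as an added JavaScript example (not code from https-proxy-agent or Resolved Security). `buildProxyAuthHeader`, `classify` and the 512-byte `MAX_AUTH_BYTES` cap are hypothetical names and values chosen for illustration; the type check goes slightly beyond the page's long-string case because the legacy `Buffer(n)` constructor, given a number, allocates `n` bytes.

```javascript
// Added example: hypothetical helper, not https-proxy-agent's own code.
// MAX_AUTH_BYTES is an assumed limit; size it for your proxy's credentials.
const MAX_AUTH_BYTES = 512;

// Validate a caller-supplied proxy.auth value ("user:password") and build
// the Proxy-Authorization header value from it.
function buildProxyAuthHeader(auth) {
  // Reject anything that is not a string. Values parsed from JSON or other
  // typed config can be numbers or objects, and the legacy Buffer(arg)
  // constructor treats a number as a size to allocate.
  if (typeof auth !== 'string') {
    throw new TypeError('proxy.auth must be a string, got ' + typeof auth);
  }

  // Bound the encoded size before allocating anything for it.
  const byteLength = Buffer.byteLength(auth, 'utf8');
  if (byteLength === 0 || byteLength > MAX_AUTH_BYTES) {
    throw new RangeError('proxy.auth length out of range: ' + byteLength);
  }

  // Buffer.from(string) copies the string's bytes; it never interprets
  // its argument as a length.
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Return the header on success, or the error name on rejection, so callers
// (and logs) can see why a value was refused.
function classify(value) {
  try {
    return buildProxyAuthHeader(value);
  } catch (err) {
    return err.name;
  }
}

// Constructed sample inputs, as they might arrive from config or env vars.
const samples = ['user:secret', 1e9, 'A'.repeat(10000), { length: 1e9 }, ''];
for (const s of samples) {
  console.log(typeof s, '->', classify(s));
}
```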

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2018-3739?

A Fix by Resolved Security Exists!

About the Fix from Resolved Security

None

Available Upgrade Options

  • https-proxy-agent
    • <2.2.0 → Upgrade to 2.2.0

Additional Resources

What are Similar Vulnerabilities to CVE-2018-3739?

Similar Vulnerabilities: CVE-2019-10756, CVE-2020-28475, CVE-2021-23635, CVE-2022-24999, CVE-2023-38600