|Title:||node.js Out of Bounds Access and Denial of Service|
|Affected Products:||PZOS – 7.X versions through 22.214.171.124|
The GUI component of PZOS software contains two vulnerabilities. One in which out of bounds data was being read, and one which allowed a DNS attack to cause a denial of service.
The GUI component of PZOS is implemented using node.js. Two recent vulnerabilities were discovered. The first allowed a specially crafted DNS packet to cause the GUI to read out of bounds data. The second allowed another specially crafted DNS packet to cause a denial of service against the GUI.
See https://nodesource.com/blog/node-js-security-release-summary-july-2017/ for more information.
Upgrades are available for all supported releases. Please consult with Panzura Support on the appropriate upgrade for your environment.