Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
References
Link | Resource |
---|---|
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: nodejs
Published: 2017-12-07T00:00:00
Updated: 2017-12-11T20:57:01
Reserved: 2017-10-25T00:00:00
Link: CVE-2017-15897
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-12-11T21:29:00.563
Modified: 2022-09-01T16:22:28.230
Link: CVE-2017-15897
JSON object: View
Redhat Information
No data.
CWE