CVE-2017-15897

Published Dec 11, 2017

Last updated 2 years ago

Overview

Description
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
Source
cve-request@iojs.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
3.1
Impact score
1.4
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-665

Social media

Hype score
Not currently trending

Configurations