CVE-2017-15897

Severity: 3.1 LOW
EPSS: 0.6% (top 29.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 11; Latest update May 14

Description

Node.js versions 8.X and 9.X had a bug that caused buffers not to be initialized when the encoding of the fill value did not match the specified encoding. For example: 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");'. The buffer implementation was updated so that the buffer is initialized to all zeros in these cases.
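
The behaviour described above can be checked on a given runtime. The following JavaScript is an added example, not code from the Node.js project or from any advisory listed here; the function names (dirtyHeap, classifyAlloc, runtimeAffected) are illustrative, and the heap-dirtying step is a heuristic assumption.

```javascript
// Added example: self-check for the CVE-2017-15897 failure mode.
// FILL and ENCODING are the mismatched pair quoted in the description.
const FILL = 'This is not correctly encoded';
const ENCODING = 'hex';

// Heuristic (assumption): leave non-zero bytes in freed, unpooled memory so
// that an allocation which skips initialization is more likely to hand back
// visibly stale data.
function dirtyHeap(size, count) {
  for (let i = 0; i < count; i++) {
    Buffer.allocUnsafeSlow(size).fill(0xaa);
  }
}

// Classify one Buffer.alloc() call whose fill decodes to zero bytes.
//   'rejected'      - the runtime threw on the invalid fill (newer releases)
//   'zero-filled'   - the fixed behaviour described above
//   'uninitialized' - non-zero bytes came back: the vulnerable behaviour
function classifyAlloc(size, fill, encoding) {
  let buf;
  try {
    buf = Buffer.alloc(size, fill, encoding);
  } catch (err) {
    return 'rejected';
  }
  return buf.every((byte) => byte === 0) ? 'zero-filled' : 'uninitialized';
}

// Repeat the check: stale memory is not guaranteed on any single call.
function runtimeAffected(rounds = 200, size = 0x100) {
  for (let i = 0; i < rounds; i++) {
    dirtyHeap(size, 8);
    if (classifyAlloc(size, FILL, ENCODING) === 'uninitialized') return true;
  }
  return false;
}

console.log(process.version, classifyAlloc(0x100, FILL, ENCODING),
  runtimeAffected() ? 'AFFECTED' : 'not affected');
```

A "not affected" result is not proof on its own, because an affected runtime can still return memory that happens to be zero; confirm against the fixed versions listed under Affected Packages.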

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.6 | Impact: 1.4

Affected Packages (3 packages)

NVD  nodejs/node.js  8.9.0  8.9.3  +2
Alpine  nodejs  < 8.9.3-r0  +16
CVEListV5  the_node.js_project/node.js  8.0 and higher, 9.0 and higher  +1

Vulnerability Details (3)

GHSA: GHSA-f2j2-5fh3-4jrr: Node (2022-05-14)
OSV: CVE-2017-15897: Node (2017-12-11)
CVEList: CVE-2017-15897: Node (2017-12-11)

Vendor Advisories (2)

Red Hat: nodejs: Unitialized buffer due to incorrect encoding (2017-12-07)
Debian: CVE-2017-15897: nodejs - Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initial... (2017)

Community (2)

Bugzilla: CVE-2017-15897 nodejs: Unitialized buffer due to incorrect encoding [fedora-27] (2018-01-09)
Bugzilla: CVE-2017-15897 nodejs: Unitialized buffer due to incorrect encoding (2018-01-09)