Executive Summary

Information
Name: CVE-2017-15897
First vendor Publication: 2017-12-11
Vendor: Cve
Last vendor Modification: 2017-12-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example: 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");'. The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15897

CWE : Common Weakness Enumeration

CWE-200: Information Exposure (100 %)

CPE : Common Platform Enumeration

Type: Application
Count: 23

Nessus® Vulnerability Scanner

Date: 2017-12-15
Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_bea84a7ae0c911e7b4f311baa0c2df21.nasl - Type: ACT_GATHER_INFO

Sources (Detail)

Source: CONFIRM
Url: https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/

Alert History

Date, Information
2017-12-29 21:21:41
  • Multiple Updates
2017-12-16 13:23:35
  • Multiple Updates
2017-12-12 05:20:23
  • First insertion