CVE-2017-15897

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15897

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15897.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-15897

Downstream

ALPINE-CVE-2017-15897

SUSE-SU-2019:14246-1

UBUNTU-CVE-2017-15897

Related

SUSE-SU-2019:14246-1

Published

2017-12-11T21:29:00Z

Modified

2025-10-10T01:03:11.901458Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.

References

https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

f76ce0a75641991bfc235775a4747c978e0e281b

Fixed

8a44289089a08b7b19fa3c4651b5f1f5d1edd71b

Affected versions

v8.*

v8.9.0

v8.9.1

v8.9.2