CVE-2017-15897 Vulnerability Details

  /     /     /  

CVE-2017-15897 Metadata Quick Info

CVE Published: 11/12/2017 | CVE Updated: 17/09/2024 | CVE Year: 2017
Source: nodejs | Vendor: The Node.js Project | Product: Node.js
Status : PUBLISHED

CVE-2017-15897 Description

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, \'Buffer.alloc(0x100, "This is not correctly encoded", "hex");\' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Un-initialized Data
Source: The Node.js Project

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2017-15897 Vulnerability Details