Lucene search

K

Redhat.comRH:CVE-2017-15897

HistoryJan 09, 2018 - 9:49 a.m.

CVE-2017-15897

2018-01-0909:49:46

redhat.com

access.redhat.com

9

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, ‘Buffer.alloc(0x100, “This is not correctly encoded”, “hex”);’ The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.

References

bugzilla.redhat.com/show_bug.cgi?id=1532534

nodejs.org/en/blog/vulnerability/december-2017-security-releases/

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Related for RH:CVE-2017-15897

prion1 ubuntucve1 osv1 debiancve1 cve1 veracode1 alpinelinux1 nodejsblog1 nessus1 freebsd1 ibm1 openvas1