Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-12115

Опубликовано: 21 авг. 2018
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
Версия до 6.14.4 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.11.4 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
Версия от 10.0.0 (включая) до 10.9.0 (исключая)
Конфигурация 2
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.0096
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2018-12115

CVSS3: 7.5
ubuntu
почти 7 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

redhat логотип

CVE-2018-12115

CVSS3: 8.1
redhat
почти 7 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

debian логотип

CVE-2018-12115

CVSS3: 7.5
debian
почти 7 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ...

github логотип

GHSA-q85m-543x-pwpc

CVSS3: 7.5
github
около 3 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

suse-cvrf логотип

openSUSE-SU-2018:2855-1

suse-cvrf
почти 7 лет назад

Security update for nodejs8

EPSS

Процентиль: 75%
0.0096
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787
CWE-787