Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12115

Опубликовано: 21 авг. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

not-affected

8.11.4~dfsg-0ubuntu1
devel

not-affected

8.11.4~dfsg-0ubuntu1
disco

not-affected

8.11.4~dfsg-0ubuntu1
eoan

not-affected

8.11.4~dfsg-0ubuntu1
esm-apps/bionic

released

8.10.0~dfsg-2ubuntu0.4+esm1
esm-apps/focal

not-affected

8.11.4~dfsg-0ubuntu1
esm-apps/jammy

not-affected

8.11.4~dfsg-0ubuntu1
esm-apps/noble

not-affected

8.11.4~dfsg-0ubuntu1
esm-apps/xenial

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 75%
0.0096
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12115

CVSS3: 8.1
redhat
почти 7 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

nvd логотип

CVE-2018-12115

CVSS3: 7.5
nvd
почти 7 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

debian логотип

CVE-2018-12115

CVSS3: 7.5
debian
почти 7 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ...

github логотип

GHSA-q85m-543x-pwpc

CVSS3: 7.5
github
около 3 лет назад

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

suse-cvrf логотип

openSUSE-SU-2018:2855-1

suse-cvrf
почти 7 лет назад

Security update for nodejs8

EPSS

Процентиль: 75%
0.0096
Низкий

5 Medium

CVSS2

7.5 High

CVSS3