CVE-2018-12115
Published: Aug 21, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
| Vendor | Product | Versions |
|---|---|---|
| The Node.js Project | Node.js | affected: All versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 |
Weaknesses (CWE)
References
| Reference | Tags |
|---|---|
| 105127 | vdb-entry, x_refsource_BID |
| RHSA-2018:2552 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:2553 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:2944 | vendor-advisory, x_refsource_REDHAT |
| https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ | x_refsource_CONFIRM |
| RHSA-2018:3537 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:2949 | vendor-advisory, x_refsource_REDHAT |
| GLSA-202003-48 | vendor-advisory, x_refsource_GENTOO |