Test ID:	1.3.6.1.4.1.25623.1.0.112362
Category:	Denial of Service
Title:	Node.js < 10.9.0, < 8.11.4, < 6.14.4 OOB Write Vulnerability - Mac OS X
Summary:	Node.js is prone to an out-of-bounds write vulnerability.
Description:	Summary: Node.js is prone to an out-of-bounds write vulnerability. Vulnerability Insight: An OOB write in Buffer can be used to write to memory outside of a Buffer's memory space. This can corrupt unrelated Buffer objects or cause the Node.js process to crash. When used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. Affected Software/OS: Node.js versions 6.x prior to 6.14.4, 8.x prior to 8.11.4 and 10.x prior to 10.9.0. Solution: Upgrade to Node.js version 6.14.4, 8.11.4 or 10.9.0 respectively. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12115 BugTraq ID: 105127 http://www.securityfocus.com/bid/105127 https://security.gentoo.org/glsa/202003-48 RedHat Security Advisories: RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2552 RedHat Security Advisories: RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553 RedHat Security Advisories: RHSA-2018:2944 https://access.redhat.com/errata/RHSA-2018:2944 RedHat Security Advisories: RHSA-2018:2949 https://access.redhat.com/errata/RHSA-2018:2949 RedHat Security Advisories: RHSA-2018:3537 https://access.redhat.com/errata/RHSA-2018:3537
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.