
Test ID: 1.3.6.1.4.1.25623.1.0.112364
Category: Denial of Service
Title: Node.js 10.x < 10.9.0 Unintentional Exposure of Uninitialized Memory (Mac OS X)
Summary: Node.js is prone to an unintentional exposure of uninitialized memory.
Description:

Summary:
Node.js is prone to an unintentional exposure of uninitialized memory.

Vulnerability Insight:
There is an argument processing flaw that causes Buffer.alloc() to return uninitialized memory.
This method is intended to be safe and to return only initialized, or cleared, memory. The third argument, which specifies the encoding, can be passed as a number;
Buffer's internal 'fill' method misinterprets that number as the start of a fill operation.

This flaw may be abused where Buffer.alloc() arguments are derived from user input, to return uncleared memory blocks that may contain sensitive information.

Affected Software/OS:
Node.js version 10.x prior to 10.9.0.

Solution:
Upgrade to Node.js 10.9.0.
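
The following is an added example, not part of the original test description or of Node.js itself: a check for the affected version range plus a wrapper that rejects a numeric encoding before it reaches Buffer.alloc(). The names isAffectedVersion, safeAlloc, allocFromRequest and MAX_ALLOC are hypothetical, and the 1 MiB limit and the request bodies are constructed for illustration.

```javascript
// Added example; isAffectedVersion, safeAlloc and MAX_ALLOC are hypothetical names.
const MAX_ALLOC = 1 << 20; // assumed application limit: 1 MiB per request

// True for the range the advisory lists: Node.js 10.x prior to 10.9.0.
function isAffectedVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) throw new TypeError(`unparseable Node.js version: ${version}`);
  return Number(m[1]) === 10 && Number(m[2]) < 9;
}

// Buffer.alloc() wrapper for arguments derived from user input.
// The encoding must be absent or a string naming a supported encoding, so a
// number can never reach Buffer's internal fill as the third argument.
function safeAlloc(size, fill, encoding) {
  if (!Number.isSafeInteger(size) || size < 0 || size > MAX_ALLOC) {
    throw new RangeError(`size out of range: ${size}`);
  }
  if (encoding !== undefined &&
      (typeof encoding !== 'string' || !Buffer.isEncoding(encoding))) {
    throw new TypeError('encoding must be a supported encoding name');
  }
  if (fill !== undefined && typeof fill !== 'string' && typeof fill !== 'number') {
    throw new TypeError('fill must be a string or a number');
  }
  return Buffer.alloc(size, fill, encoding);
}

// Constructed sample: request bodies as an HTTP handler might receive them.
function allocFromRequest(json) {
  const { size, fill, encoding } = JSON.parse(json);
  return safeAlloc(size, fill, encoding);
}

if (isAffectedVersion(process.versions.node)) {
  console.warn('Node.js 10.x prior to 10.9.0 detected: upgrade to 10.9.0');
}
console.log(allocFromRequest('{"size":4,"fill":"a","encoding":"utf8"}')); // accepted
try {
  allocFromRequest('{"size":4,"fill":"a","encoding":1}'); // numeric encoding
} catch (err) {
  console.log(`rejected: ${err.message}`);
}
```

The wrapper is a defence-in-depth measure for code that passes request data to Buffer.alloc(); it does not replace the upgrade.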

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-7166
RedHat Security Advisories: RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:2553

Copyright: Copyright (C) 2018 Greenbone Networks GmbH
