SecuritySpace - CVE-2018-7166

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-7166

Description: In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.

Test IDs: 1.3.6.1.4.1.25623.1.0.112364 1.3.6.1.4.1.25623.1.0.112363

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-7166
RedHat Security Advisories: RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:2553

CVE ID:	CVE-2018-7166
Description:	In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
Test IDs:	1.3.6.1.4.1.25623.1.0.112364 1.3.6.1.4.1.25623.1.0.112363
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7166 RedHat Security Advisories: RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553