{"containers": {"cna": {"affected": [{"product": "Node.js", "vendor": "The Node.js Project", "versions": [{"status": "affected", "version": "All versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0"}]}], "datePublic": "2018-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-20T20:06:12", "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "shortName": "nodejs"}, "references": [{"name": "105127", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105127"}, {"name": "RHSA-2018:2552", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2552"}, {"name": "RHSA-2018:2553", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2553"}, {"name": "RHSA-2018:2944", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2944"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"name": "RHSA-2018:3537", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3537"}, {"name": "RHSA-2018:2949", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2949"}, {"name": "GLSA-202003-48", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-48"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-request@iojs.org", "DATE_PUBLIC": "2018-08-12T00:00:00", "ID": "CVE-2018-12115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Node.js", "version": {"version_data": [{"version_value": "All versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0"}]}}]}, "vendor_name": "The Node.js Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787: Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "105127", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105127"}, {"name": "RHSA-2018:2552", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2552"}, {"name": "RHSA-2018:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2553"}, {"name": "RHSA-2018:2944", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2944"}, {"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"name": "RHSA-2018:3537", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3537"}, {"name": "RHSA-2018:2949", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2949"}, {"name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:24:03.759Z"}, "title": "CVE Program Container", "references": [{"name": "105127", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105127"}, {"name": "RHSA-2018:2552", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2552"}, {"name": "RHSA-2018:2553", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2553"}, {"name": "RHSA-2018:2944", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2944"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"name": "RHSA-2018:3537", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3537"}, {"name": "RHSA-2018:2949", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2949"}, {"name": "GLSA-202003-48", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-48"}]}]}, "cveMetadata": {"assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "assignerShortName": "nodejs", "cveId": "CVE-2018-12115", "datePublished": "2018-08-21T13:00:00Z", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-09-16T16:48:58.679Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F608F84-5A94-4DC1-A7B8-E19028F96A40", "versionEndExcluding": "6.14.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "468A9D35-95E1-473B-A5D3-9BD78818F599", "versionEndExcluding": "8.11.4", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A01678-361E-4F23-B7D6-41B0C145F491", "versionEndExcluding": "10.9.0", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written."}, {"lang": "es", "value": "En todas las versiones de Node.js anteriores a la 6.14.4, 8.11.4 y 10.9.0, cuando se utiliza con codificaci\u00f3n UCS-2 (reconocida por Node.js bajo los nombres \"ucs2\", \"ucs-2\", \"utf16le\" y \"utf-16le\"), se puede explotar \"Buffer#write()\" para escribir fuera de los l\u00edmites de un b\u00fafer. Las escrituras que empiezan desde la segunda hasta la \u00faltima posici\u00f3n de un b\u00fafer provocan un error de c\u00e1lculo de la longitud m\u00e1xima de los bytes de entrada que se van a escribir."}], "id": "CVE-2018-12115", "lastModified": "2020-03-20T21:15:13.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-21T12:29:00.210", "references": [{"source": "cve-request@iojs.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105127"}, {"source": "cve-request@iojs.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2552"}, {"source": "cve-request@iojs.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2553"}, {"source": "cve-request@iojs.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2944"}, {"source": "cve-request@iojs.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2949"}, {"source": "cve-request@iojs.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3537"}, {"source": "cve-request@iojs.org", "tags": ["Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"source": "cve-request@iojs.org", "url": "https://security.gentoo.org/glsa/202003-48"}], "sourceIdentifier": "cve-request@iojs.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve-request@iojs.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2018:2553", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0::el7", "package": "rhoar-nodejs-1:10.9.0-1.el7", "product_name": "Red Hat OpenShift Application Runtimes Node.js 10", "release_date": "2018-08-22T00:00:00Z"}, {"advisory": "RHSA-2018:2552", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0::el7", "package": "rhoar-nodejs-1:8.11.4-2.el7", "product_name": "Red Hat OpenShift Application Runtimes Node.js 8", "release_date": "2018-08-22T00:00:00Z"}, {"advisory": "RHSA-2018:3537", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1539805268-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2018-11-20T00:00:00Z"}, {"advisory": "RHSA-2018:2944", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-nodejs6-nodejs-0:6.11.3-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2944", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-nodejs6-nodejs-0:6.11.3-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2944", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs6-nodejs-0:6.11.3-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.11.4-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2944", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs6-nodejs-0:6.11.3-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2944", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs6-nodejs-0:6.11.3-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.11.4-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2944", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs6-nodejs-0:6.11.3-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-10-18T00:00:00Z"}, {"advisory": "RHSA-2018:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.11.4-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-10-18T00:00:00Z"}], "bugzilla": {"description": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "id": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written."], "mitigation": {"lang": "en:us", "value": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33"}, "name": "CVE-2018-12115", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:10/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Will not fix", "package_name": "nodejs", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.2", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.2"}, {"cpe": "cpe:/a:redhat:openshift:3.2", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.2"}, {"cpe": "cpe:/a:redhat:openshift:3.3", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.3"}, {"cpe": "cpe:/a:redhat:openshift:3.3", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.3"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.0", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Enterprise 3.0"}, {"cpe": "cpe:/a:redhat:openshift:3.0", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Enterprise 3.0"}, {"cpe": "cpe:/a:redhat:openshift:3.1", "fix_state": "Not affected", "package_name": "logging-auth-proxy", "product_name": "Red Hat OpenShift Enterprise 3.1"}, {"cpe": "cpe:/a:redhat:openshift:3.1", "fix_state": "Not affected", "package_name": "logging-kibana", "product_name": "Red Hat OpenShift Enterprise 3.1"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs10-nodejs", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-nodejs4-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2018-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-12115\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12115"], "statement": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "threat_severity": "Important", "upstream_fix": "nodejs 10.9.0, nodejs 8.11.4, nodejs 6.14.4"}