Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Node.js < 10.9.0, < 8.11.4, < 6.14.4 OOB Write Vulnerability (Mac OS X)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Node.js and is prone to an out-of-bounds write vulnerability.
Insight
Insight
An OOB write in Buffer can be used to write to memory outside of a Buffer's memory space. This can corrupt unrelated Buffer objects or cause the Node.js process to crash. When used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
Affected Software
Affected Software
Node.js versions 6.x prior to 6.14.4, 8.x prior to 8.11.4 and 10.x prior to 10.9.0.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to Node.js version 6.14.4, 8.11.4 or 10.9.0 respectively.