CVE-2018-12115
Published: 21 August 2018
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
From the Ubuntu Security Team
Nikita Skovoroda discovered that Node.js mishandled certain input, leading to an out of bounds write. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nodejs Launchpad, Ubuntu, Debian |
bionic |
Released
(8.10.0~dfsg-2ubuntu0.4+esm1)
Available with Ubuntu Pro |
| cosmic |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| disco |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| eoan |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| focal |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| groovy |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| hirsute |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| impish |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| jammy |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| kinetic |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| lunar |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| mantic |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| noble |
Not vulnerable
(8.11.4~dfsg-0ubuntu1)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(6.14.4, 8.11.4, 10.9.0)
|
|
| xenial |
Needed
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |