VDB

ALPINE-CVE-2017-15896

ALPINE-CVE-2017-15896 PUBLISHED CVSS 9.100000381469727 CRITICAL

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.22nodejs0, 0, 0
Alpine:v3.10nodejs4.5.0-r0, 6.10.0-r0, 6.10.3-r0
Alpine:v3.17nodejs6.9.2-r0, 4.4.3-r0, 4.4.4-r0
Alpine:v3.12nodejs0, 0, 8.9.2-r0
Alpine:v3.14nodejs6.10.3-r0, 6.11.0-r0, 6.11.1-r0
Alpine:v3.11nodejs8.9.2-r0, 0, 4.4.4-r0
Alpine:v3.23nodejs0, 0, 0
Alpine:v3.16nodejs6.11.5-r0, 6.9.1-r1, 6.9.4-r0
Alpine:v3.7nodejs6.11.1-r0, 4.4.4-r0, 0
Alpine:v3.19nodejs0, 4.4.3-r0, 4.4.4-r0
Alpine:v3.18nodejs6.10.3-r0, 0, 4.4.5-r0
Alpine:v3.20nodejs4.4.3-r0, 0, 0
Alpine:v3.9nodejs6.9.5-r0, 6.9.4-r1, 6.9.4-r0
Alpine:v3.15nodejs6.9.1-r0, 4.4.3-r0, 4.4.4-r0
Alpine:v3.21nodejs0, 0, 0
Alpine:v3.13nodejs6.11.1-r2, 6.11.3-r0, 6.11.4-r0
Alpine:v3.8nodejs6.11.1-r2, 6.11.3-r0, 6.11.4-r0
Alpine:v3.24nodejs0

Timeline

  • Dec 11, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›