VDB

ALPINE-CVE-2017-15897

ALPINE-CVE-2017-15897 PUBLISHED CVSS 3.0999999046325684 LOW

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.

Risk Scores

CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.7nodejs4.4.3-r0, 8.9.1-r0, 6.11.3-r0
Alpine:v3.8nodejs6.9.5-r1, 0, 0
Alpine:v3.13nodejs0, 0, 8.9.2-r0
Alpine:v3.18nodejs6.9.1-r1, 0, 0
Alpine:v3.15nodejs6.11.3-r0, 6.11.0-r0, 6.11.1-r0
Alpine:v3.16nodejs6.11.0-r0, 8.9.2-r0, 6.11.2-r0
Alpine:v3.20nodejs6.9.1-r0, 0, 4.4.3-r0
Alpine:v3.14nodejs0, 4.4.3-r0, 4.4.4-r0
Alpine:v3.19nodejs6.11.0-r0, 0, 4.4.3-r0
Alpine:v3.12nodejs4.4.4-r0, 6.10.0-r0, 6.10.1-r0
Alpine:v3.9nodejs6.11.4-r0, 6.11.2-r0, 6.11.1-r1
Alpine:v3.23nodejs0, 0, 0
Alpine:v3.10nodejs6.11.0-r0, 6.10.3-r0, 6.10.1-r0
Alpine:v3.22nodejs0, 0, 0
Alpine:v3.17nodejs6.9.4-r0, 6.9.2-r0, 6.9.1-r1
Alpine:v3.24nodejs0, 0
Alpine:v3.11nodejs6.11.3-r0, 0, 4.4.3-r0
Alpine:v3.21nodejs0, 0, 0

Timeline

  • Dec 11, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›