ALPINE-CVE-2017-15897 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2017-15897 PUBLISHED CVSS 3.0999999046325684 LOW

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.

Risk Scores

CVSS v3.1

3.0999999046325684

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.7	nodejs	0, 8.9.2-r0, 8.9.1-r0
Alpine:v3.8	nodejs	0, 8.9.2-r0, 8.9.1-r0
Alpine:v3.13	nodejs	6.11.3-r0, 4.4.3-r0, 4.4.5-r0
Alpine:v3.18	nodejs	0, 4.4.5-r0, 4.4.7-r0
Alpine:v3.15	nodejs	6.11.0-r0, 4.4.4-r0, 4.4.5-r0
Alpine:v3.16	nodejs	0, 4.4.5-r0, 4.4.7-r0
Alpine:v3.20	nodejs	6.9.5-r0, 0, 4.4.3-r0
Alpine:v3.14	nodejs	0, 4.4.4-r0, 4.5.0-r0
Alpine:v3.19	nodejs	8.9.2-r0, 0, 4.4.3-r0
Alpine:v3.12	nodejs	0, 8.9.2-r0, 8.9.1-r0
Alpine:v3.9	nodejs	6.10.1-r0, 4.4.3-r0, 4.4.5-r0
Alpine:v3.23	nodejs	0, 0, 0
Alpine:v3.10	nodejs	8.9.0-r0, 8.9.2-r0, 4.4.4-r0
Alpine:v3.22	nodejs	0, 0, 0
Alpine:v3.17	nodejs	4.4.5-r0, 0, 4.4.4-r0
Alpine:v3.11	nodejs	8.9.0-r0, 8.9.2-r0, 6.11.1-r1
Alpine:v3.21	nodejs	0, 0, 0

Timeline

Dec 11, 2017 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-15897 advisory

Open in Interactive Console →