VDB
ALPINE-CVE-2017-15897
ALPINE-CVE-2017-15897
PUBLISHED
CVSS 3.0999999046325684 LOW
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.7 | nodejs | 4.4.3-r0, 8.9.1-r0, 6.11.3-r0 |
| Alpine:v3.8 | nodejs | 6.9.5-r1, 0, 0 |
| Alpine:v3.13 | nodejs | 0, 0, 8.9.2-r0 |
| Alpine:v3.18 | nodejs | 6.9.1-r1, 0, 0 |
| Alpine:v3.15 | nodejs | 6.11.3-r0, 6.11.0-r0, 6.11.1-r0 |
| Alpine:v3.16 | nodejs | 6.11.0-r0, 8.9.2-r0, 6.11.2-r0 |
| Alpine:v3.20 | nodejs | 6.9.1-r0, 0, 4.4.3-r0 |
| Alpine:v3.14 | nodejs | 0, 4.4.3-r0, 4.4.4-r0 |
| Alpine:v3.19 | nodejs | 6.11.0-r0, 0, 4.4.3-r0 |
| Alpine:v3.12 | nodejs | 4.4.4-r0, 6.10.0-r0, 6.10.1-r0 |
| Alpine:v3.9 | nodejs | 6.11.4-r0, 6.11.2-r0, 6.11.1-r1 |
| Alpine:v3.23 | nodejs | 0, 0, 0 |
| Alpine:v3.10 | nodejs | 6.11.0-r0, 6.10.3-r0, 6.10.1-r0 |
| Alpine:v3.22 | nodejs | 0, 0, 0 |
| Alpine:v3.17 | nodejs | 6.9.4-r0, 6.9.2-r0, 6.9.1-r1 |
| Alpine:v3.24 | nodejs | 0, 0 |
| Alpine:v3.11 | nodejs | 6.11.3-r0, 0, 4.4.3-r0 |
| Alpine:v3.21 | nodejs | 0, 0, 0 |
Timeline
- Dec 11, 2017 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated