Oval Definition:oval:org.opensuse.security:def:20187166
Revision Date:2022-09-02Version:1
Title:CVE-2018-7166
Description:

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-7166
Mitre CVE-2018-7166
SUSE CVE-2018-7166
Platform(s):SUSE CaaS Platform 4.0
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Web Scripting 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP2
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND nodejs6 is affected
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • nodejs10-10.15.2-1.6 is installed
  • OR nodejs10-devel-10.15.2-1.6 is installed
  • OR nodejs10-docs-10.15.2-1.6 is installed
  • OR npm10-10.15.2-1.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND Package Information
  • nodejs10-10.19.0-1.18 is installed
  • OR nodejs10-devel-10.19.0-1.18 is installed
  • OR nodejs10-docs-10.19.0-1.18 is installed
  • OR npm10-10.19.0-1.18 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND
  • nodejs10-10.15.2-1.6 is installed
  • OR nodejs10-devel-10.15.2-1.6 is installed
  • OR nodejs10-docs-10.15.2-1.6 is installed
  • OR npm10-10.15.2-1.6 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND
  • nodejs10-10.19.0-1.18 is installed
  • OR nodejs10-devel-10.19.0-1.18 is installed
  • OR nodejs10-docs-10.19.0-1.18 is installed
  • OR npm10-10.19.0-1.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • nodejs10-10.15.2-1.6.1 is installed
  • OR nodejs10-devel-10.15.2-1.6.1 is installed
  • OR nodejs10-docs-10.15.2-1.6.1 is installed
  • OR npm10-10.15.2-1.6.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND Package Information
  • nodejs10-10.19.0-1.18.1 is installed
  • OR nodejs10-devel-10.19.0-1.18.1 is installed
  • OR nodejs10-docs-10.19.0-1.18.1 is installed
  • OR npm10-10.19.0-1.18.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND
  • nodejs10-10.15.2-1.6.1 is installed
  • OR nodejs10-devel-10.15.2-1.6.1 is installed
  • OR nodejs10-docs-10.15.2-1.6.1 is installed
  • OR npm10-10.15.2-1.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND
  • nodejs10-10.19.0-1.18.1 is installed
  • OR nodejs10-devel-10.19.0-1.18.1 is installed
  • OR nodejs10-docs-10.19.0-1.18.1 is installed
  • OR npm10-10.19.0-1.18.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6 is affected
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND nodejs6 is affected
    • Definition Synopsis
  • Release Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND
  • nodejs10 is affected
  • OR nodejs10-devel is affected
  • OR nodejs10-docs is affected
  • OR npm10 is affected
  • OR nodejs8 is affected
  • OR nodejs8-devel is affected
  • OR nodejs8-docs is affected
  • OR npm8 is affected
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Storage 6 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND
  • nodejs10-10.15.2-1.6.1 is installed
  • OR nodejs10-devel-10.15.2-1.6.1 is installed
  • OR nodejs10-docs-10.15.2-1.6.1 is installed
  • OR npm10-10.15.2-1.6.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND
  • nodejs10 is affected
  • OR nodejs10-devel is affected
  • OR nodejs10-docs is affected
  • OR npm10 is affected
  • OR nodejs8 is affected
  • OR nodejs8-devel is affected
  • OR nodejs8-docs is affected
  • OR npm8 is affected
  • OR Package Information
  • SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND
  • nodejs10 is affected
  • OR nodejs8 is affected
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Storage 6 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND
  • nodejs10-10.15.2-1.6.1 is installed
  • OR nodejs10-devel-10.15.2-1.6.1 is installed
  • OR nodejs10-docs-10.15.2-1.6.1 is installed
  • OR npm10-10.15.2-1.6.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Storage 7 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND Package Information
  • nodejs10-10.19.0-1.18.1 is installed
  • OR nodejs10-devel-10.19.0-1.18.1 is installed
  • OR nodejs10-docs-10.19.0-1.18.1 is installed
  • OR npm10-10.19.0-1.18.1 is installed
    • BACK