Red Hat Bugzilla – Bug 1591006
CVE-2018-7167 nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters
Last modified: 2018-08-07 01:25:07 EDT
A flaw was found in Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x. Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service.
Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 1591007]
Affects: fedora-all [bug 1591009]
RHOAR NodeJS 10.4.1, has already been released with fixes for this issue.
While jenkins-slave-nodejs8 includes a vulnerable version of NodeJS 8, users are not able to affect other uses of the platform.