Please sign in to comment.
buffer: avoid overrun on UCS-2 string write
CVE-2018-12115 Discovered by ChALkeR - Сковорода Никита Андреевич Fix by Anna Henningsen Writing to the second-to-last byte with UCS-2 encoding will cause a -1 length to be send to String::Write(), writing all of the provided Buffer from that point and beyond. Fixes: nodejs-private/security#203 PR-URL: nodejs-private/node-private#138
- Loading branch information...
Showing with 26 additions and 1 deletion.