CVE-2018-12115

Impact:
Important
Public Date:
2018-08-11
CWE:
CWE-119
Bugzilla:
1620219: CVE-2018-12115 nodejs: Out of bounds (OOB) write via UCS-2 encoding

The MITRE CVE dictionary describes this issue as:

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.

Find out more about CVE-2018-12115 from the MITRE CVE dictionary and NIST NVD.
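The CVE text gives the affected range (everything before 6.14.4, 8.11.4 and 10.9.0) and the trigger (a UCS-2 `Buffer#write()` that starts at the second-to-last byte of a buffer). The following is an added example, not code from the Red Hat advisory or the Node.js project: a version-range check for inventory or CI use, and a bounded write wrapper for application code that cannot be moved to a fixed runtime yet. The function names, the `FIXED_VERSIONS` table layout, and the treatment of release lines with no listed fix (4.x, 7.x, 9.x are taken as vulnerable, following "all versions prior to") are this example's own assumptions.

```javascript
// Added example for CVE-2018-12115 (not from the advisory or Node.js itself).
// 1. isVulnerableNodeVersion(): compares a Node.js version string against the
//    fixed releases named in the CVE description (6.14.4, 8.11.4, 10.9.0).
// 2. boundedUcs2Write(): a Buffer#write wrapper that only ever asks the runtime
//    for an even, in-bounds byte budget, so a write starting at the second-to-last
//    byte becomes a no-op instead of reaching the miscalculated length.
// Assumption (not stated on the page): lines without a backported fix
// (4.x, 7.x, 9.x) are treated as vulnerable.

const FIXED_VERSIONS = { 6: [6, 14, 4], 8: [8, 11, 4], 10: [10, 9, 0] };
const LATEST_FIX = [10, 9, 0];

// Accepts "v8.11.3", "8.11.3" or "v10.9.0-pre"; returns [major, minor, patch].
function parseVersion(versionString) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(versionString).trim());
  if (!m) throw new Error(`unrecognised Node.js version: ${versionString}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i += 1) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerableNodeVersion(versionString) {
  const v = parseVersion(versionString);
  // At or beyond the newest fix (10.9.0) nothing is in the affected range.
  if (compareVersions(v, LATEST_FIX) >= 0) return false;
  // Older lines are fixed only from their own backport release onwards;
  // a line with no backport listed is treated as vulnerable (assumption).
  const fixed = FIXED_VERSIONS[v[0]];
  return fixed === undefined || compareVersions(v, fixed) < 0;
}

// Writes str into buf at offset using UCS-2, never exceeding buf.length.
// Returns the number of bytes written (0 when no whole code unit fits).
function boundedUcs2Write(buf, str, offset = 0) {
  if (!Number.isInteger(offset) || offset < 0 || offset > buf.length) {
    throw new RangeError(`offset ${offset} outside buffer of length ${buf.length}`);
  }
  const room = buf.length - offset;
  const usable = room - (room % 2);       // each UTF-16 code unit needs 2 bytes
  const chunk = str.slice(0, usable / 2);  // String#slice counts UTF-16 code units
  if (chunk.length === 0) return 0;        // e.g. room === 1: write nothing at all
  return buf.write(chunk, offset, usable, 'ucs2');
}

// Summary of the runtime this script is executing on.
function runtimeReport() {
  return {
    version: process.version,
    vulnerable: isVulnerableNodeVersion(process.version),
  };
}

console.log(runtimeReport());
```

`isVulnerableNodeVersion()` is the piece to wire into a fleet inventory or a CI gate; `boundedUcs2Write()` is only a stop-gap for code that must keep running on an unpatched interpreter, and the errata listed on this page remain the actual fix.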

Statement

OpenShift Container Platform 3.x versions are potentially vulnerable via the nodejs-slave-jenkins and nodejs-node-jenkins components. However, a build would have to occur with a malicious Jenkins pipeline, or with Node.js source code supplied by an attacker, which reduces the impact of this flaw to Moderate.

CVSS v3 metrics

CVSS3 Base Score 8.1
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat OpenShift Container Platform 3.11 RHSA-2018:3537 2018-11-20
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-nodejs8-nodejs) RHSA-2018:2949 2018-10-18
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-nodejs6-nodejs) RHSA-2018:2944 2018-10-18
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-nodejs6-nodejs) RHSA-2018:2944 2018-10-18
Red Hat OpenShift Application Runtimes 1.0 (rhoar-nodejs) RHSA-2018:2553 2018-08-22
Red Hat OpenShift Application Runtimes 1.0 (rhoar-nodejs) RHSA-2018:2552 2018-08-22

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux rh-nodejs4-nodejs Will not fix
Red Hat Software Collections for Red Hat Enterprise Linux rh-nodejs10-nodejs Under investigation
Red Hat OpenShift Enterprise 3.2 logging-auth-proxy Not affected
Red Hat OpenShift Enterprise 3.2 logging-kibana Not affected
Red Hat OpenShift Enterprise 3.2 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Enterprise 3.1 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Enterprise 3.1 logging-kibana Not affected
Red Hat OpenShift Enterprise 3.1 logging-auth-proxy Not affected
Red Hat OpenShift Enterprise 3.0 logging-kibana Not affected
Red Hat OpenShift Enterprise 3.0 logging-auth-proxy Not affected
Red Hat OpenShift Enterprise 3.0 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.9 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.9 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.9 logging-kibana Not affected
Red Hat OpenShift Container Platform 3.7 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.7 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.7 logging-kibana Not affected
Red Hat OpenShift Container Platform 3.6 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.6 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.6 logging-kibana Not affected
Red Hat OpenShift Container Platform 3.5 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.5 logging-kibana Not affected
Red Hat OpenShift Container Platform 3.5 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.4 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.4 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.4 logging-kibana Not affected
Red Hat OpenShift Container Platform 3.3 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.3 logging-kibana Not affected
Red Hat OpenShift Container Platform 3.3 jenkins-slave-nodejs Will not fix
Red Hat OpenShift Container Platform 3.10 logging-auth-proxy Not affected
Red Hat OpenShift Container Platform 3.10 jenkins-agent-nodejs Affected
Red Hat OpenShift Container Platform 3.10 logging-kibana Not affected
Red Hat Mobile Application Platform On-Premise 4 nodejs Affected
Red Hat Enterprise Linux 8 nodejs Not affected

Mitigation

On OpenShift Container Platform 3.x you can override the container image used for the Jenkins slave by setting the JENKINS_SLAVE_IMAGE environment variable in your Jenkins deployment configuration. Ref:

https://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33

Last Modified

CVE description copyright © 2017, The MITRE Corporation