CVE-2017-15897

Name of the Vulnerable Software and Affected Versions Node.js versions 8.X through 9.X

Description The issue arises when the encoding for the fill value does not match the encoding specified, causing buffers to not be initialized correctly. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex")' would be problematic. The buffer implementation was updated to initialize the buffer to all zeros in such cases.

Recommendations For Node.js versions 8.X through 9.X, update the buffer implementation to initialize buffers to all zeros when the encoding for the fill value does not match the encoding specified. As a temporary workaround, consider initializing buffers manually to all zeros in cases where encoding mismatches occur.