Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
buffer: avoid overrun on UCS-2 string write
CVE-2018-12115 Discovered by ChALkeR - Сковорода Никита Андреевич Fix by Anna Henningsen Writing to the second-to-last byte with UCS-2 encoding will cause a -1 length to be send to String::Write(), writing all of the provided Buffer from that point and beyond. Fixes: nodejs-private/security#203 PR-URL: nodejs-private/node-private#138
- Loading branch information