GHSA-qpw2-xchm-655q

Опубликовано: 06 янв. 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Out-of-Bounds read in stringstream

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

WITHDRAWN

This is a duplicate of GHSA-mf6x-7mm4-x2g7

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2018-21270
https://github.com/mhart/StringStream/issues/7
https://github.com/mhart/StringStream/commit/2f4a9d496f94b0880e01a26857aa266a5a3ef274
https://hackerone.com/reports/321670
https://www.npmjs.com/advisories/664

Пакеты

Наименование

stringstream

npm

Затронутые версииВерсия исправления

< 0.0.6

0.0.6

6.5 Medium

CVSS3

Дефекты

CWE-125

6.5 Medium

CVSS3

Дефекты

CWE-125