Описание
All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:fast_string_search_project:fast_string_search:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 33%
0.00133
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-682
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Uncontrolled Resource Consumption in fast-string-search
EPSS
Процентиль: 33%
0.00133
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-682