Описание
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
EPSS
Процентиль: 0%
0.00005
Низкий
Дефекты
CWE-362
Связанные уязвимости
ubuntu
3 месяца назад
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
debian
3 месяца назад
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { s ...
github
3 месяца назад
node-tar has a race condition leading to uninitialized memory exposure
EPSS
Процентиль: 0%
0.00005
Низкий
Дефекты
CWE-362