Описание
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream.
Отчет
Red Hat Quay include stringstream as a dependency of Karma. Karma is only used at build time, and not at runtime reducing the impact of this vulnerability to low.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 4 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hadoop | Not affected | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
Versions less than 0.0.6 of the Node.js stringstream module are vulner ...
EPSS
6.5 Medium
CVSS3