Out-of-bounds Read

2018-05-16T17:35:54
ID NODEJS:653
Type nodejs
Reporter Сковорода Никита Андреевич
Modified 2018-05-16T17:52:30

Description

Overview

Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x.

Recommendation

Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used.

References