Lucene search

22 matches found

SUSE CVE
added 2023/02/15 4:33 a.m., 3 views

SUSE CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...

CVSS: 9.1, AI score: 9.1, EPSS: 0.02174
Exploits: 1, References: 3

NVD
added 2020/12/03 9:15 p.m., 27 views

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVSS: 6.5, AI score: 6.3, EPSS: 0.03638
Exploits: 1, References: 3

OSV
added 2020/12/03 9:15 p.m., 9 views

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 3

Prion
added 2020/12/03 9:15 p.m., 11 views

Out-of-bounds

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVSS: 5.8, AI score: 6.4, EPSS: 0.03638
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2020/12/03 9:00 p.m., 40 views

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

AI score: 6.2, EPSS: 0.03638
Exploits: 1, References: 3

Debian CVE
added 2020/12/03 9:00 p.m., 13 views

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVSS: 6.5, AI score: 6.6, EPSS: 0.03638
Exploits: 1

OSV
added 2020/09/01 8:42 p.m., 10 views

GHSA-RVG8-PWQ2-XJ7Q Out-of-bounds Read in base64url

Versions of base64url before 3.0.0 are vulnerable to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation: Update to version 3.0.0 or later...

AI score: 7.1
Exploits: 0, References: 4

Github Security Blog
added 2020/09/01 8:42 p.m., 34 views

Out-of-bounds Read in base64url

Versions of base64url before 3.0.0 are vulnerable to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation: Update to version 3.0.0 or later...

AI score: 4.2
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2019/06/20 6:22 p.m., 30 views

Out-of-bounds Read in stringstream

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...

CVSS: 6.5, AI score: 4, EPSS: 0.03638
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2019/06/12 4:37 p.m., 19 views

Out-of-bounds Read in npmconf

Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used...

AI score: 3.7
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2019/01/22 12:00 a.m., 34 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)

This update for nodejs4 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 CVE-2018-12120: Fixed that the debugge...

CVSS: 8.1, AI score: 7.2, EPSS: 0.41288
Exploits: 4, References: 22

NVD
added 2018/05/29 8:29 p.m., 19 views

CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...

CVSS: 9.1, AI score: 9.3, EPSS: 0.02174
Exploits: 1, References: 2

Cvelist
added 2018/05/29 8:00 p.m., 24 views

CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...

AI score: 9.3, EPSS: 0.02174
Exploits: 1, References: 2

OSV
added 2018/05/17 2:29 p.m., 31 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS: 7.5, AI score: 7.2
Exploits: 0, References: 1

Node.js
added 2018/05/16 7:39 p.m., 531 views

Out-of-bounds Read

Overview Versions of stringstream before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation Upgrade to version 0.0.6 or later. References - HackerOne Report -...

AI score: 6.8
Exploits: 0, Affected Software: 1

Node.js
added 2018/05/16 7:16 p.m., 530 views

Out-of-bounds Read

Overview: Versions of base64url before 3.0.0 are vulnerable to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation: Update to version 3.0.0 or later. References - HackerOne Report - PR 25 - GitHub Advisory...

AI score: 6.8
Exploits: 0, Affected Software: 1

Node.js
added 2018/05/16 5:35 p.m., 526 views

Out-of-bounds Read

Overview Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should no...

AI score: 6.9
Exploits: 0, Affected Software: 1

Node.js
added 2018/05/16 4:30 p.m., 520 views

Out-of-bounds Read

Overview: Versions of atob before 2.1.0 allocate uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation: Update to version 2.1.0 or later. References - HackerOne Report - GitHub Advisory...

AI score: 6.8
Exploits: 0, Affected Software: 1

Hacker One
added 2018/03/03 11:35 p.m., 15 views

Node.js third-party modules: `base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below

I would like to report an uninitialized Buffer allocation issue in base64url. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name:...

AI score: 0.7
Exploits: 0

Hacker One
added 2018/03/03 11:22 p.m., 77 views

Node.js third-party modules: `atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below

I would like to report an uninitialized Buffer allocation issue in atob. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name: atob...

CVSS: 6.4, AI score: 0.2, EPSS: 0.02174
Exploits: 1