5 matches found

OSV
added 2025/06/23 10:42 p.m. · 3 views

GHSA-V62P-RQ8G-8H59 pbkdf2 silently disregards Uint8Array input, returning static keys

Summary On historic but declared as supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that Support Uint8Array input input is typechecked against Uint8Array, and the error...

9.1 CVSS · 5.9 AI score · 0.00091 EPSS
Exploits 0 · References 4

Snyk
added 2025/06/23 10:42 p.m. · 2 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the toBuffer function. An attacker can predict cryptographic keys that were generated using Uint8Array inputs on affected Node.js versions, leading to compromised security of derived...

9.1 CVSS · 6.8 AI score · 0.00091 EPSS
Exploits 0 · References 2

OSV
added 2024/07/10 5:15 a.m. · 10 views

CVE-2024-21524

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example,...

9.1 CVSS · 6.7 AI score
Exploits 0 · References 3

Cvelist
added 2024/07/10 5:0 a.m. · 14 views

CVE-2024-21524

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example,...

8.2 CVSS · 0.00211 EPSS
Exploits 1 · References 3

Positive Technologies
added 2024/07/10 12:0 a.m. · 3 views

PT-2024-18938 · Npm · Node-Stringbuilder

Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...

9.1 CVSS · 7.3 AI score · 0.00211 EPSS
Exploits 1 · References 13