6 matches found
Remote Memory Exposure in bl
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
CVE-2020-8244
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
DEBIAN-CVE-2020-8244
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
CVE-2020-8244
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
CVE-2020-8244
CVE-2020-8244 is a buffer over-read in the Node.js bl module, where input in consume() can become negative and corrupt BufferList state, potentially exposing uninitialized memory via slice(). Affected are bl versions <4.0.3, <3.0.1, <2.2.1, and
Node.js third-party modules: [bl] Uninitialized memory exposure via negative .consume()
Module module name: bl version: 4.0.2 npm page: https://www.npmjs.com/package/bl Module Description A Node.js Buffer list collector, reader and streamer thingy. Module Stats 8 660 595 weekly downloads Vulnerability Vulnerability Description If user input even typed ends up in consume argument and...