2 matches found
CVE-2020-8174
napigetvaluestring allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0...
nodejs: memory corruption in napi_get_value_string_* functions
A flaw was found in nodejs. Calling napigetvaluestringlatin1, napigetvaluestringutf8, or napigetvaluestringutf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...