CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

Out-of-bounds

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

GHSA-RVG8-PWQ2-XJ7Q Out-of-bounds Read in base64url

Versions of base64url before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation Update to version 3.0.0 or later...

Out-of-bounds Read in base64url

Versions of base64url before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation Update to version 3.0.0 or later...

Out-of-bounds Read in stringstream

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...

Out-of-bounds Read in npmconf

Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used...

CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...

CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

Out-of-bounds Read

Overview Versions of stringstream before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation Upgrade to version 0.0.6 or later. References - HackerOne Report -...

Out-of-bounds Read

Overview Versions of base64url before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation Update to version 3.0.0 or later. References - HackerOne Report - PR 25 - GitHub Advisory...

Out-of-bounds Read

Overview Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should no...

Out-of-bounds Read

Overview Versions of atob before 2.1.0 uninitialized Buffers when number is passed in input on Node.js 4.x and below. Recommendation Update to version 2.1.0 or later. References - HackerOne Report - GitHub Advisory...

Node.js third-party modules: `base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below

I would like to report an uninitialized Buffer allocation issue in base64url. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name:...

Node.js third-party modules: `atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below

I would like to report an uninitialized Buffer allocation issue in atob. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name: atob...

Node.js third-party modules: `npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x

I would like to report a Buffer allocation issue in npmconf and npm package js api. It allows to extract sensitive content from uninitialized memory by passing typed input to setCredentialsByURI, limited to Node.js 4.x and below. Module module name: npmconf version: 2.1.2 npm page:...

CVE-2016-5325

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...