EUVD-2019-0549

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-21270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number...

Out-of-Bounds read in stringstream

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x. WITHDRAWN This is a duplicate of GHSA-mf6x-7mm4-x2g7...

GHSA-QPW2-XCHM-655Q Out-of-Bounds read in stringstream

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x. WITHDRAWN This is a duplicate of GHSA-mf6x-7mm4-x2g7...

CVE-2018-21270

A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream...

DEBIAN-CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

Out-of-bounds

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

UBUNTU-CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

CVE-2018-21270 affects the Node.js stringstream module: versions

Mhart Stringstream Buffer Error Vulnerability

Mhart Stringstream is a JS-based code library for converting Stream data streams directly to string type by Mhart individual developers. A buffer error vulnerability exists in the Node.js stringstream module prior to version 0.0.6, which stems from susceptibility to out-of-bounds reads, as an...

Out-of-Bounds Read

stringstream is vulnerable to out-of-bounds read. The vulnerability exists due to a lack of validation to ensure data is not of type number. Successful exploitation leads to memory disclosure...

Out-of-bounds Read in stringstream

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...

GHSA-MF6X-7MM4-X2G7 Out-of-bounds Read in stringstream

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...

@cidroy/frappe-gantt (=0.8.2), @hatchloyalty/hatch-lab (>=1.0.2 <=1.0.6) +47 more potentially affected by CVE-2018-21270 via stringstream (>=0.0.4 <=0.0.5)

stringstream NPM version =0.0.4, =1.0.2, =0.1.0, =1.0.3-beta, =1.1.2, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2018-21270 Source advisory: OSV:GHSA-MF6X-7MM4-X2G7...

Out-of-bounds Read

Overview Versions of stringstream before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation Upgrade to version 0.0.6 or later. References - HackerOne Report -...

Denial Of Service (DoS)

stringstream is vulnerable to denial of service DoS attacks. The vulnerability exists due to the lack of validation for sane input where a large number can be entered to a stream, causing a DoS attack. In some cases, information disclosure through uninitialized memory is also possible...