Lucene search

Veracode Vulnerability DatabaseVERACODE:26513

HistoryAug 28, 2020 - 2:47 a.m.

Denial Of Service (DoS)

2020-08-2802:47:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

bl is vulnerable to denial of service. An uninitialized memory access via negative .consume() allows an attacker to crash the application and potentially obtain confidential information that is stored in memory.

CPENameOperatorVersion
bleq3.0.0
blle1.2.2
blle2.2.0
blle4.0.2
bleq3.0.0
blle2.2.0
blle4.0.2
node-bl:bioniceq1.1.2-1ubuntu1

Name	Operator	Version
bl	eq	3.0.0
bl	le	1.2.2
bl	le	2.2.0
bl	le	4.0.2
bl	eq	3.0.0
bl	le	2.2.0
bl	le	4.0.2
node-bl:bionic	eq	1.1.2-1ubuntu1

References

github.com/advisories/GHSA-pp7h-53gx-mx7r

hackerone.com/reports/966347

lists.debian.org/debian-lts-announce/2021/06/msg00028.html

www.npmjs.com/advisories/1555

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Related for VERACODE:26513