Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
References
Link | Resource |
---|---|
https://github.com/mhart/StringStream/issues/7 | Issue Tracking Third Party Advisory |
https://hackerone.com/reports/321670 | Exploit Third Party Advisory |
https://www.npmjs.com/advisories/664 | Exploit Third Party Advisory |
Configurations
History
16 Feb 2021, 14:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.5 |
Information
Published : 2020-12-03 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2018-21270
Mitre link : CVE-2018-21270
CVE.ORG link : CVE-2018-21270
JSON object : View
Products Affected
nodejs
- node.js
CWE
CWE-125
Out-of-bounds Read