Vulnerabilities: 1 via 1 paths
Dependencies: 3
Source: GitHub

high severity

Buffer Overflow

  • Vulnerable module: bigint-buffer
  • Introduced through: bigint-buffer@1.1.5

Detailed paths

  • Introduced through: node-fe1-fpe@eCollect/node-fe1-fpe > bigint-buffer@1.1.5

Overview

bigint-buffer is a Node utility that converts TC39 Proposed BigInts to and from buffers.

Affected versions of this package are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

PoC

let be = require('bigint-buffer');
console.log(be.toBigIntLE(null));

Remediation

There is no fixed version for bigint-buffer.
