Vulnerabilities: 1 via 1 paths
Dependencies: 3
Source: GitHub
Commit: de15cdeb


high severity

Buffer Overflow

  • Vulnerable module: bigint-buffer
  • Introduced through: bigint-buffer@1.1.5

Detailed paths

  • Introduced through: node-fe1-fpe@eCollect/node-fe1-fpe#de15cdebbc71904c70708d17a46beac0a820df19 › bigint-buffer@1.1.5

Overview

bigint-buffer is a Node utility that converts TC39 Proposed BigInts to and from buffers.

Affected versions of this package are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

PoC

let be = require('bigint-buffer');
console.log(be.toBigIntLE(null));

Remediation

There is no fixed version for bigint-buffer.
