Remote Memory Exposure Affecting bittorrent-dht package, versions <5.1.3

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.15% (51^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID npm:bittorrent-dht:20160104
published 5 Jan 2016
disclosed 4 Jan 2016
credit Feross Aboukhadijeh, Mathias Buss Madsen

Report a new vulnerability Found a mistake?

Introduced: 4 Jan 2016

CVE-2016-10519 Open this link in a new tab CWE-201 Open this link in a new tab

Overview

A memory disclosure vulnerability exists in bittorrent-dht module that would allow an attacker to send a specific series of messages to a listening peer to make it disclose internal memory of the node.js process.

References

https://github.com/feross/bittorrent-dht/issues/87