Out-of-Bounds Read Vulnerability in Node.js Stringstream Module
CVE-2018-21270

6.5MEDIUM

Key Information:

Vendor

Nodejs

Status
Node.js
Vendor
CVE Published:
3 December 2020

What is CVE-2018-21270?

The Node.js stringstream module, specifically versions earlier than 0.0.6, is susceptible to an out-of-bounds read vulnerability. This issue arises due to the allocation of uninitialized buffers when a numeric input is processed within the stream. This behavior occurs when utilizing Node.js 4.x, potentially allowing malicious inputs to lead to unauthorized memory access.

References

https://hackerone.com/reports/321670
x_refsource_MISC
https://www.npmjs.com/advisories/664
x_refsource_MISC
https://github.com/mhart/StringStream/issues/7
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-21270 : Out-of-Bounds Read Vulnerability in Node.js Stringstream Module