Moderate severityNVD Advisory· Published Dec 3, 2020· Updated Aug 5, 2024
CVE-2018-21270
CVE-2018-21270
Description
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
stringstreamnpm | < 0.0.6 | 0.0.6 |
Affected products
2- Node.js/stringstreamdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-mf6x-7mm4-x2g7ghsaADVISORY
- github.com/mhart/StringStream/blob/v0.0.5/stringstream.jsghsaWEB
- github.com/mhart/StringStream/issues/7mitrex_refsource_MISC
- hackerone.com/reports/321670ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/664ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.