High severityNVD Advisory· Published Aug 24, 2021· Updated Aug 4, 2024
Improper Handling of Exceptional Conditions in detect-character-encoding
CVE-2021-39157
Description
detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in detect-character-encoding v0.7.0. No workaround are available and all users should update to resolve this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
detect-character-encodingnpm | < 0.7.0 | 0.7.0 |
Affected products
1- Range: < 0.7.0
Patches
1992a11007fffReturn null if no charset matches
3 files changed · +12 −0
icuWrapper.cpp+6 −0 modified@@ -40,6 +40,12 @@ NAN_METHOD(DetectCharacterEncoding) { return; } + if(charsetMatch == NULL) { + info.GetReturnValue().Set(Nan::Null()); + ucsdet_close(charsetDetector); + return; + } + const char *charsetName = ucsdet_getName(charsetMatch, &errorCode); if(U_FAILURE(errorCode)) {
README.md+2 −0 modified@@ -27,6 +27,8 @@ console.log(charsetMatch); // } ``` +detect-character-encoding may return `null` if no charset matches. + ## Supported operating systems - macOS High Sierra
test/index.js+4 −0 modified@@ -18,6 +18,10 @@ it('should return a confidence value', () => { assert(typeof detectCharacterEncoding(getFixture('utf-8.txt')).confidence === 'number'); }); +it('should return null if no charset matches', () => { + assert.strictEqual(detectCharacterEncoding(Buffer.from([0xAB])), null); +}); + it('should throw a TypeError if argument is not a buffer', () => { assert.throws(() => { detectCharacterEncoding('string');
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-jqfh-8hw5-fqjrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-39157ghsaADVISORY
- github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20aghsax_refsource_MISCWEB
- github.com/sonicdoe/detect-character-encoding/issues/15ghsax_refsource_MISCWEB
- github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0ghsaWEB
- github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjrghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.