Overview
Affected versions of node-weakauras-parser
are vulnerable to a Buffer Overflow. The encode_weakaura
function fails to properly validate the input size. A buffer of 13835058055282163711 bytes causes an overflow on 64-bit systems.
Remediation
Upgrade to versions 1.0.5, 2.0.2, 3.0.1 or later.
Resources
Have content suggestions? Visit npmjs.com/support.
Advisory timeline
published
Advisory PublishedApr 7th, 2020reported
Reported by VelithrisApr 7th, 2020