This affects the package
dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
Upgrade to version 5.2.2 or later
publishedAdvisory PublishedMay 24th, 2021
reportedReported by AnonymousMay 24th, 2021