Severity: moderate

Out-of-bounds Read



All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.


No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to stringstream.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    May 16th, 2018
  2. reported

    May 16th, 2018