Noah's Pairwise Manifest
Severity: moderate

Out-of-bounds Read

stringstream

Overview

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Remediation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to stringstream.

Advisory timeline

  1. published

    Advisory published
    May 16th, 2018
  2. reported

    May 16th, 2018