stringstream

Out-of-bounds Read

Severity: moderate

Overview

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Remediation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to stringstream.

Vulnerable versions

0.0.0
6 years ago
0.0.1
6 years ago
0.0.2
6 years ago
0.0.3
6 years ago
0.0.4
6 years ago
0.0.5
3 years ago

Unaffected versions

0.0.6
3 months ago

Advisory timeline

  1. published

    Advisory published
    May 16th, 2018
  2. reported

    May 16th, 2018