Severity: moderate

    Out-of-bounds Read

    stringstream

    Overview

    Versions of stringstream before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

    Remediation

    Upgrade to version 0.0.6 or later.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory published
      May 16th, 2018
    2. reported

      Initial report by Сковорода Никита Андреевич
      May 16th, 2018