PT-2026-24893 · Root+4 · @Rootio/Yauzl+2
Josh Wolfe +1
Published: 2026-03-11 · Updated: 2026-06-04
CVE-2026-31988
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
yauzl version 3.2.0
Description
yauzl, also known as Yet Another Unzip Library, version 3.2.0 for Node.js contains an off-by-one error within the getLastModDate() function, specifically in the NTFS extended timestamp extra field parser. The condition in a 'while' loop incorrectly checks cursor < data.length + 4 instead of cursor + 4 <= data.length, which allows the readUInt16LE() function to read beyond the buffer's boundaries. A remote attacker can exploit this by sending a specially crafted zip file containing a malformed NTFS extra field, leading to a denial of service and a process crash due to an ERR_OUT_OF_RANGE exception. This impacts any Node.js application that processes zip file uploads and calls entry.getLastModDate() on the parsed entries.
Recommendations
Update yauzl to version 3.2.1 or later.
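The two loop conditions quoted in the description, side by side, as an added example that is not yauzl's source code. It assumes the NTFS extra field data layout of 4 reserved bytes followed by tag/size/payload records; the helper names and both sample buffers are constructed for illustration.

```javascript
// Simplified walk over the data of an NTFS extra field: 4 reserved bytes,
// then records of tag (2 bytes), size (2 bytes), payload (size bytes).
// Hypothetical helper; `fixed` selects which loop condition is used.
function findNtfsMtime(data, fixed) {
  let cursor = 4; // skip the reserved bytes
  const more = fixed
    ? () => cursor + 4 <= data.length  // a whole tag+size header still fits
    : () => cursor < data.length + 4;  // 3.2.0 condition: true even at or past the end
  while (more()) {
    const tag = data.readUInt16LE(cursor);      // throws if cursor + 2 > data.length
    const size = data.readUInt16LE(cursor + 2);
    cursor += 4;
    if (tag === 0x0001 && size >= 8 && cursor + 8 <= data.length) {
      return data.readBigUInt64LE(cursor); // Mtime as a Windows FILETIME
    }
    cursor += size; // skip records we do not understand
  }
  return null; // no usable timestamp record
}

// Returns the parsed value, or the error code when parsing throws. An
// application that does not catch this error is terminated by it.
function outcome(data, fixed) {
  try {
    return findNtfsMtime(data, fixed);
  } catch (err) {
    return err.code;
  }
}

// Constructed sample: reserved bytes, then tag 0x0001 with a 24-byte payload.
const WELL_FORMED = Buffer.alloc(32);
WELL_FORMED.writeUInt16LE(0x0001, 4);
WELL_FORMED.writeUInt16LE(24, 6);
WELL_FORMED.writeBigUInt64LE(132223104000000000n, 8);

// Constructed sample: the field ends in the middle of a record header.
const TRUNCATED = Buffer.from([0, 0, 0, 0, 0x01, 0x00]);

console.log("3.2.0 condition, truncated:", outcome(TRUNCATED, false));
console.log("fixed condition, truncated:", outcome(TRUNCATED, true));
console.log("fixed condition, well-formed:", outcome(WELL_FORMED, true));
```

On versions that cannot be upgraded immediately, wrapping the entry.getLastModDate() call in try/catch and rejecting the archive on error keeps the exception from terminating the process.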
Exploit
Fix
DoS
Affected products
@Rootio/Yauzl
Node-Yauzl
Yauzl