PT-2018-16185 · Memjs · Memjs

Chalker · Published 2018-07-05 · Updated 2019-10-09 · CVE-2018-3767

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

memjs versions <= 1.1.0
memjs versions prior to 1.2.2

Description

The issue results in Denial of Service (DoS) and uninitialized memory usage due to the allocation and storage of buffers on typed input. The package fails to sanitize the value option passed to the Buffer constructor, allowing attackers to pass large values that exhaust system resources.

Recommendations

For memjs versions <= 1.1.0, upgrade to version 1.2.2 or later.
For memjs versions prior to 1.2.2, upgrade to version 1.2.2 or later.
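
The unsanitized Buffer constructor pattern named in the description, next to a type-checked and size-bounded replacement. This is an added example, not memjs code or its actual patch; the function names and the `MAX_VALUE_BYTES` cap are assumptions made for illustration.

```javascript
// Added illustration; not taken from memjs. Function names and
// MAX_VALUE_BYTES are assumptions made for this example.

const MAX_VALUE_BYTES = 1024 * 1024; // assumed cap (1 MB)

// Unsafe pattern: the caller-supplied value goes straight to the Buffer
// constructor. A string is copied, but a number is treated as a length, so
// a large number forces a large allocation, and on Node.js releases before
// 8.0 the allocated memory is not zero-filled.
function toValueBufferUnsafe(value) {
  return new Buffer(value); // deprecated API, kept only as the "before"
}

// Hardened pattern: accept only strings and Buffers, never a bare number,
// and bound the size before anything is stored or sent.
function toValueBuffer(value) {
  let buf;
  if (typeof value === 'string') {
    buf = Buffer.from(value, 'utf8');
  } else if (Buffer.isBuffer(value)) {
    buf = value;
  } else {
    throw new TypeError('value must be a string or Buffer, got ' + typeof value);
  }
  if (buf.length > MAX_VALUE_BYTES) {
    throw new RangeError('value exceeds ' + MAX_VALUE_BYTES + ' bytes');
  }
  return buf;
}

// Helper for trying constructed inputs, such as the "value" field of a
// parsed JSON request body, where a number can arrive instead of a string.
function check(value) {
  try {
    return { ok: true, bytes: toValueBuffer(value).length };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}
```

Any code path that forwards parsed request data to a cache client should apply the same type check before the call, independent of the library version in use.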

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2018-3767
GHSA-CX8M-8XMX-Q8V3

Affected Products

Memjs