PT-2020-21147 — Buffer Overflow in Node.Js Node-Weakauras-Parser

PT-2020-21147 · Node.Js · Node-Weakauras-Parser

Published

2020-09-03

Updated

2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions node-weakauras-parser versions prior to 1.0.5 node-weakauras-parser versions prior to 2.0.2 node-weakauras-parser versions prior to 3.0.1

Description The issue arises from a Buffer Overflow in affected versions of the node-weakauras-parser. Specifically, the encode weakaura function fails to properly validate the input size, leading to an overflow when a large buffer size, such as 13835058055282163711 bytes, is used on 64-bit systems.

Recommendations Upgrade to version 1.0.5 or later. Upgrade to version 2.0.2 or later. Upgrade to version 3.0.1 or later.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

GHSA-86MR-6M89-VGJ3

Affected Products

Node-Weakauras-Parser

PT-2020-21147 · Node.Js · Node-Weakauras-Parser

Weakness Enumeration

Related Identifiers

Affected Products

References · 4