PT-2021-22393 · Ced · Ced

Published

2021-08-17

Updated

2021-08-27

CVE-2021-39131

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ced versions 0.1.0

Description The issue arises when passing data types other than Buffer to ced, causing the Node.js process to crash. This problem has been resolved in version 1.0.0. As a temporary measure, users can verify if an object is a Buffer using Buffer.isBuffer(obj) before passing it to ced.

Recommendations For ced version 0.1.0, upgrade to version 1.0.0 to resolve the issue. As a temporary workaround, before passing an argument to ced, verify it’s a Buffer using Buffer.isBuffer(obj).

Exploit

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-241CWE-755

Related Identifiers

CVE-2021-39131

GHSA-27WQ-QX3Q-FXM9

Affected Products

Ced

PT-2021-22393 · Ced · Ced

CVE-2021-39131

Weakness Enumeration

Related Identifiers

Affected Products

References · 10