Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-21270

Good to know:

icon
icon

Date: December 3, 2020

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

Language: Java

Severity Score

Related Resources (6)

https://hackerone.com/reports/321670
https://nvd.nist.gov/vuln/detail/CVE-2018-21270
https://github.com/mhart/StringStream/blob/v0.0.5/stringstream.js#L32
https://github.com/mhart/StringStream/issues/7
https://www.npmjs.com/advisories/664
https://www.mend.io/vulnerability-database/CVE-2018-21270

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

icon

Upgrade Version

Upgrade to version chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.17;Sheeler.AngularTemplate - no_fix;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - dev-fixUpLanguageConstants;sombrerodepaja/franky-skeleton-application - no_fix;z3/t3build-node - 1.0.11;tikiwiki/diagram - v6.5.7;node-sass-bundle - no_fix;computerundsound/curserver - no_fix;computerundsound/curserver - 2.2.0;Tools.Npm - no_fix;Npm3 - no_fix;LessMsbuildTasksRelativePaths - no_fix;stringstream - 0.0.6;frankyframework/franky2 - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;Npm-Shift - no_fix;AutoRest - no_fix;ilhanet/erpnet-widget-resource - no_fix;LessMsbuildTasks - 1.0.11;Yarn.MSBuild - 0.24.6;Yarn.MSBuild - 0.22.0;yuan1994/wechat_web_devtools - 0.15.152901-core;JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03;MIDIator.WebClient - 1.0.105;oburatongoi/productivity - 0.0.1;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - no_fix;NodeBin - no_fix;Npm.js - no_fix;Fable.Template.Elmish.React - 0.1.6;LessMsbuildTasksFixed - no_fix;erdiko/user-admin - no_fix;erdiko/user-admin - dev-ER-91;Yarnpkg.Yarn - 0.26.1;Raml.Parser - 1.0.9;Ncapsulate.Node - no_fix;zombie.js - no_fix;Ncapsulate.Bower - no_fix;Npm - no_fix;NativeScript.Sidekick.Standalone.Shell - 1.10.0-v2018052401;Bower - no_fix;Fable.Library.Template - no_fix;Sheelersoft.AngularTemplate - no_fix;deltasystems/dewdrop - dev-hotfix-check-href;lukesnowden/application-base - no_fix;Ncapsulate.Node.Shadow - no_fix;limefamily/yii2-limetheme - 1.0.12;pwptemplatepusintek - no_fix;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.18;spiral/toolkit - v0.8.20;JetBrains.Rider.Frontend6 - no_fix;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;Nodejs.Redist.x64 - 7.7.3.1;Nodejs.Redist.x64 - 10.3.0;Betclic.BuildTools.Node - no_fix;adrexia/silverstripe-gumby-theme - 2;tombeachell/forza-magento - no_fix;lufangyu1217/demo - dev-develop;dreamfactory/df-api-docs-ui - 1.1.0;org.webjars:npm:5.0.0-1;org.webjars:npm:4.0.2;org.webjars:npm:4.4.4;org.webjars:npm:no_fix;org.webjars.bower:npm:no_fix;org.webjars:browser-sync:no_fix;org.webjars.npm:bourbon-neat:2.1.0;org.webjars.npm:bower:1.8.12;org.webjars.npm:stringstream:0.0.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us