Out-of-Bounds Read Vulnerability in Node.js stringstream Module (Versions < 0.0.6)

Out-of-Bounds Read Vulnerability in Node.js stringstream Module (Versions < 0.0.6)

CVE-2018-21270 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

Learn more about our Web Application Penetration Testing UK.