Out-of-Bounds read in stringstream

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

WITHDRAWN

This is a duplicate of GHSA-mf6x-7mm4-x2g7

Published: Jan 6, 2022
Updated: Apr 14, 2023
GHSA: GHSA-qpw2-xchm-655q
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
stringstream	-	0.0.6

https://github.com/mhart/StringStream/commit/2f4a9d496f94b0880e01a26857aa266a5a3ef274
https://github.com/mhart/StringStream/issues/7
https://hackerone.com/reports/321670
https://www.npmjs.com/advisories/664

Vulnerability Database

289,599

Out-of-Bounds read in stringstream

WITHDRAWN