GHSA-8w4h-3cm3-2pm2

Source

https://github.com/advisories/GHSA-8w4h-3cm3-2pm2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-8w4h-3cm3-2pm2/GHSA-8w4h-3cm3-2pm2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8w4h-3cm3-2pm2

Aliases

CVE-2018-3745

Published

2018-10-09T00:56:26Z

Modified

2023-11-08T04:00:18.535494Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

Out-of-bounds Read in atob

Details

Versions of atob before 2.1.0 uninitialized Buffers when number is passed in input on Node.js 4.x and below.

Recommendation

Update to version 2.1.0 or later.

Database specific

{
    "cwe_ids": [
        "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:26:52Z",
    "nvd_published_at": "2018-05-29T20:29:00Z",
    "severity": "CRITICAL"
}

References

Affected packages

npm / atob

Package

Name: atob; View open source insights on deps.dev
Purl: pkg:npm/atob

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-8w4h-3cm3-2pm2/GHSA-8w4h-3cm3-2pm2.json"