GHSA-cx8m-8xmx-q8v3

Source

https://github.com/advisories/GHSA-cx8m-8xmx-q8v3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-cx8m-8xmx-q8v3/GHSA-cx8m-8xmx-q8v3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cx8m-8xmx-q8v3

Aliases

CVE-2018-3767

Published

2018-10-10T17:25:12Z

Modified

2023-11-08T04:00:19.450166Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

Denial of Service in memjs

Details

Versions of memjs prior to 1.2.2 are vulnerable to Denial of Service (DoS). The package fails to sanitize the value option passed to the Buffer constructor, which may allow attackers to pass large values exhausting system resources.

Recommendation

Upgrade to version 1.2.2 or later.

Database specific

{
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:33:11Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
}

References

Affected packages

npm / memjs

Package

Name: memjs; View open source insights on deps.dev
Purl: pkg:npm/memjs

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-cx8m-8xmx-q8v3/GHSA-cx8m-8xmx-q8v3.json"