GHSA-9jh3-4pc9-hq29

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-9jh3-4pc9-hq29/GHSA-9jh3-4pc9-hq29.json

Aliases

CVE-2023-26109

Published

2023-03-09T06:30:21Z

Modified

2023-03-15T19:18:36Z

Details

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-26109
https://github.com/tinyprinter/node-bluetooth-serial-port
https://security.snyk.io/vuln/SNYK-JS-NODEBLUETOOTHSERIALPORT-3311820

Affected packages

npm / node-bluetooth-serial-port

node-bluetooth-serial-port

Affected ranges

Type: SEMVER
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 2.2.7"
}