GHSA-cxx3-36qc-m6qm

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-cxx3-36qc-m6qm/GHSA-cxx3-36qc-m6qm.json

Aliases

CVE-2023-26110

Published

2023-03-09T06:30:21Z

Modified

2023-03-15T19:16:23Z

Details

All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-26110
https://github.com/song940/node-bluetooth
https://security.snyk.io/vuln/SNYK-JS-NODEBLUETOOTH-3311821

Affected packages

npm / node-bluetooth

node-bluetooth

Affected ranges

Type: SEMVER
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 1.2.6"
}