GHSA-mhxj-85r3-2x55

Source

https://github.com/advisories/GHSA-mhxj-85r3-2x55

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-mhxj-85r3-2x55/GHSA-mhxj-85r3-2x55.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mhxj-85r3-2x55

Aliases

CVE-2022-36313

Published

2022-07-22T00:00:38Z

Modified

2023-11-08T04:10:02.456879Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

file-type vulnerable to Infinite Loop via malformed MKV file

Details

An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when used on a web server.

Database specific

{
    "nvd_published_at": "2022-07-21T16:15:00Z",
    "cwe_ids": [
        "CWE-835"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-22T20:26:05Z"
}

References

Affected packages

npm / file-type

Package

Name: file-type; View open source insights on deps.dev
Purl: pkg:npm/file-type

Affected ranges

Type: SEMVER
Events: Introduced

13.0.0

Fixed

16.5.4

npm / file-type

Package

Name: file-type; View open source insights on deps.dev
Purl: pkg:npm/file-type

Affected ranges

Type: SEMVER
Events: Introduced

17.0.0

Fixed

17.1.3