Bug 1576654 - nodejs-bl: Numeric arguments passed to bl.append() return uninitialized memory
Summary: nodejs-bl: Numeric arguments passed to bl.append() return uninitialized memory
Keywords:
Status: NEW
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1576655 1576872 1577875
Blocks: 1576657
TreeView+ depends on / blocked
 
Reported: 2018-05-10 04:54 UTC by Sam Fowler
Modified: 2021-02-17 00:20 UTC (History)
21 users (show)

Fixed In Version: nodejs-bl 0.9.5, nodejs-bl 1.0.1
Doc Type: If docs needed, set a value
Doc Text:
It was found that the nodejs-bl append() function did not properly handle numeric argument, resulting in a read buffer overflow. An attacker could use this flaw to disclose Node.js application memory.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Sam Fowler 2018-05-10 04:54:28 UTC
bl before versions 0.9.5 and 1.0.1 are vulnerable to memory exposure.

bl.append(number) in the affected bl versions passes a number to Buffer constructor, appending a chunk of uninitialized memory.


Upstream issue:

https://github.com/rvagg/bl/pull/22


Upstream patch:

https://github.com/rvagg/bl/pull/22/commits/8e1ddb38145ac4556af67d5e18534e8f4bccbf98


External Reference:

https://nodesecurity.io/advisories/596

Comment 1 Sam Fowler 2018-05-10 04:54:52 UTC
Created nodejs-bl tracking bugs for this issue:

Affects: epel-7 [bug 1576655]


Note You need to log in before you can comment on or make changes to this bug.