
Memory Exposure in bl

Moderate severity GitHub Reviewed Published Jun 3, 2019 • Updated Aug 4, 2021

Package

npm bl (npm)

Affected versions

< 0.9.5
= 1.0.0

Patched versions

0.9.5
1.0.1

Description

Versions of bl before 0.9.5 and 1.0.1 are vulnerable to memory exposure.

bl.append(number) in the affected bl versions passes a number to the Buffer constructor, appending a chunk of uninitialized memory.
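The pattern described above, as an added example that is not bl's source code: `legacyToBuffer` models the affected conversion, with `Buffer.allocUnsafe` standing in for the old `Buffer(number)` behaviour so that it runs on current Node, and `safeToBuffer` treats a number as data rather than as a size. All function names and the sample input are constructed for illustration.

```javascript
// Added illustration; none of these functions are taken from bl itself.

// Model of the affected conversion: a number reaches the Buffer constructor
// and is read as a SIZE. Buffer.allocUnsafe() stands in for the legacy
// Buffer(number) behaviour (no zero-fill) so this runs on current Node.
function legacyToBuffer(chunk) {
  if (Buffer.isBuffer(chunk)) return chunk;
  if (typeof chunk === 'number') return Buffer.allocUnsafe(chunk);
  return Buffer.from(String(chunk));
}

// Hardened conversion: a number is data (its decimal text), never a size,
// and unexpected types are rejected instead of being passed along.
function safeToBuffer(chunk) {
  if (Buffer.isBuffer(chunk)) return chunk;
  if (typeof chunk === 'number') return Buffer.from(String(chunk));
  if (typeof chunk === 'string') return Buffer.from(chunk);
  throw new TypeError('unsupported chunk type: ' + typeof chunk);
}

// Hypothetical minimal buffer list with a pluggable conversion step.
function makeList(toBuffer) {
  const chunks = [];
  return {
    append(chunk) { chunks.push(toBuffer(chunk)); return this; },
    slice() { return Buffer.concat(chunks); },
  };
}

// Constructed sample input: the decoded value is a number, not a string.
function demo() {
  const value = JSON.parse('{"msg": 64}').msg;
  const legacy = makeList(legacyToBuffer).append('id=').append(value).slice();
  const safe = makeList(safeToBuffer).append('id=').append(value).slice();
  return {
    legacyLength: legacy.length, // 3 bytes of "id=" + 64 unzeroed bytes
    safeLength: safe.length,
    safeText: safe.toString(),
  };
}

console.log(demo());
```

The length difference is the signal to look for: in the modelled legacy path the appended chunk is as long as the number's value, while the hardened path appends only the number's decimal text.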

Recommendation

Update to version 0.9.5, 1.0.1 or later.

References

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-wrw9-m778-g6mc

Source code

No known source code