
Buffer overread vulnerability

Open pumano opened this issue 8 years ago • 2 comments

Today I got a message from https://nodesecurity.io:

142 - Buffer Overread

Vulnerable: All - Patched: None - Path: [email protected] > [email protected]

How to fix: Consider using the --zero-fill-buffers command line argument to zero out buffers before using them.

Avoid passing numeric values to the write function.

pumano, Apr 15 '17 20:04

Duplicate of https://github.com/maxogden/concat-stream/issues/56.

kenany, Apr 15 '17 21:04

This was fixed in concat-stream 1.5.2, yet for some reason nodesecurity still shows it as vulnerable...

LinusU, Apr 16 '17 15:04
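
The advisory's "avoid passing numeric values to the write function" guidance can be enforced on the caller's side before untrusted data reaches a stream. The following is an added example, not part of this thread and not concat-stream's own code; `toSafeChunk`, `collectUntrusted` and the sample request bodies are hypothetical names and constructed input.

```javascript
// Added example: a caller-side guard for values parsed from untrusted JSON.
// Background: Node's legacy `new Buffer(n)` with a number n allocated n bytes
// of uninitialized memory, so a numeric chunk could surface stale heap data.

// Convert one chunk to a Buffer, never treating a number as a length.
function toSafeChunk(chunk) {
  if (Buffer.isBuffer(chunk)) return chunk;
  if (typeof chunk === 'string') return Buffer.from(chunk, 'utf8');
  if (chunk instanceof Uint8Array) {
    // View over the same bytes, no allocation sized by caller input.
    return Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength);
  }
  // Numbers, objects, null, etc. are rejected instead of being coerced.
  throw new TypeError('refusing chunk of type ' + typeof chunk);
}

// Parse each JSON body, take its `data` field (assumed field name) and
// collect only the chunks that pass the guard.
function collectUntrusted(jsonBodies) {
  const accepted = [];
  const rejected = [];
  for (const body of jsonBodies) {
    let value;
    try {
      value = JSON.parse(body).data;
      accepted.push(toSafeChunk(value));
    } catch (err) {
      rejected.push({ body, reason: err.message });
    }
  }
  return { output: Buffer.concat(accepted), rejected };
}

// Constructed sample input: the second body carries a number where a
// string is expected, which is the case the advisory warns about.
const sampleBodies = [
  '{"data":"hello "}',
  '{"data":1000}',
  '{"data":"world"}',
];

const result = collectUntrusted(sampleBodies);
console.log(result.output.toString('utf8')); // accepted chunks only
console.log(result.rejected);                // the numeric body, with reason
```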