fast-string-search@1.2.1 vulnerabilities
Fast search substrings in a string by using N-API and boyer-moore-magiclen.
-
latest version
1.4.4
-
first published
7 years ago
-
latest version published
7 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the fast-string-search package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory. ###PoC
How to fix Out-of-bounds Read? There is no fixed version for |
*
|
fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation. How to fix Denial of Service (DoS)? There is no fixed version for |
*
|