fast-string-search@1.4.1 vulnerabilities

Fast search substrings in a string by using N-API and boyer-moore-magiclen.

Direct Vulnerabilities

Known vulnerabilities in the fast-string-search package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version

[M] Out-of-bounds Read

fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen.

Affected versions of this package are vulnerable to Out-of-bounds Read when the source argument is not a string, because memory is freed incorrectly and the length is miscalculated for such input. This allows an attacker to read previously allocated memory.

PoC

const fss = require('fast-string-search');
fss.indexOf("My password is joke 9", "is");
let res = fss.indexOf(1, "9");
// res will contain the index of "9" from the previous input and not the current one.
console.log(res);

How to fix Out-of-bounds Read?

There is no fixed version for fast-string-search.

Vulnerable versions: *

[H] Denial of Service (DoS)

fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen.

Affected versions of this package are vulnerable to Denial of Service (DoS) because computations are incorrect for non-string inputs. Such input can cause V8 to attempt to read from memory locations it is not permitted to access, and the violation results in a segmentation fault.

How to fix Denial of Service (DoS)?

There is no fixed version for fast-string-search.

Vulnerable versions: *
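
Neither issue has a fixed version and both are triggered by non-string arguments, so one mitigation is to stop such values before they reach the addon. The wrapper below is an added example, not code from the advisory or from the package; `guardStringArgs`, `describe`, `stubIndexOf` and `tryCall` are hypothetical names, the stub is a constructed stand-in for the native function, and guarding the pattern as well as the source is an assumption.

```javascript
'use strict';

// Wrap a native search function so that only primitive strings reach it.
// `nativeFn` is supplied by the caller, for example
// require('fast-string-search').indexOf (the call used in the PoC).
function guardStringArgs(nativeFn, name = nativeFn.name || 'search') {
  return function guarded(source, pattern, ...rest) {
    // typeof rejects numbers, null, undefined, Buffers, arrays and boxed
    // String objects alike. Nothing is coerced, so the native side never has
    // to compute a length for a value that is not a JS string.
    if (typeof source !== 'string') {
      throw new TypeError(`${name}: source must be a string, got ${describe(source)}`);
    }
    if (typeof pattern !== 'string') {
      throw new TypeError(`${name}: pattern must be a string, got ${describe(pattern)}`);
    }
    return nativeFn(source, pattern, ...rest);
  };
}

// Short type label for error messages.
function describe(value) {
  if (value === null) return 'null';
  if (Array.isArray(value)) return 'array';
  if (Buffer.isBuffer(value)) return 'Buffer';
  return typeof value;
}

// Constructed stand-in so the example runs without the addon installed.
// It copies only the call shape from the PoC; the real return value may differ.
function stubIndexOf(source, pattern) {
  stubIndexOf.calls += 1;
  return source.indexOf(pattern);
}
stubIndexOf.calls = 0;

const safeIndexOf = guardStringArgs(stubIndexOf, 'indexOf');

// Helper that captures a thrown error instead of propagating it.
function tryCall(fn, ...args) {
  try {
    return { ok: true, value: fn(...args) };
  } catch (err) {
    return { ok: false, error: err };
  }
}
```

In an application, every export of the addon that is called with untrusted data needs the same wrapping, and call sites should import the guarded functions rather than the module itself.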