Buffer Overflow Affecting bigint-buffer package, versions >=0.0.0

Q: How to fix?

There is no fixed version for bigint-buffer .

Threat Intelligence

Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-JS-BIGINTBUFFER-3364597
published3 Apr 2025
disclosed20 Mar 2023
creditCris Staicu

Report a new vulnerability Found a mistake?

Introduced: 20 Mar 2023

CVE-2025-3194 (opens in a new tab) CWE-120 (opens in a new tab) First added by Snyk

How to fix?

There is no fixed version for bigint-buffer.

Overview

bigint-buffer is a Node utility that converts TC39 Proposed BigInts to and from buffers

Affected versions of this package are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

PoC

let be = require('bigint-buffer');
console.log(be.toBigIntLE(null));

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None