Package: node-concat-stream
Version: 1.5.1-1
Severity: grave
Tags: patch security fixed-upstream fixed-in-experimental
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
forwarded: https://snyk.io/vuln/npm:concat-stream:20160901

Overview

concat-stream is writable stream that concatenates strings or binary data and 
calls a callback with the result. Affected versions of the package are 
vulnerable to Uninitialized Memory Exposure.

A possible memory disclosure vulnerability exists when a value of type number 
is provided to the stringConcat() method and results in concatination of 
uninitialized memory to the stream collection.

This is a result of unobstructed use of the Buffer constructor, whose insecure 
default constructor increases the odds of memory leakage.

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to