CVE-2018-21270

Out-of-bounds Read in stringstream

Description

All versions of `stringstream` are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. ## Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to `stringstream`.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

Score Vector

Affected Versions

stringstream < 0.0.6

Severity

Ecosystem

JavaScript

Publish Date

June 20, 2019

Modified Date

November 7, 2023