Out-of-bounds Read in org.webjars.npm:utile

Cx61ff18e9-706e

org.webjars.npm:utile
utile

Low

1.8/10

Summary

Utile is vulnerable to uninitialized buffer allocation, which allows to extract sensitive data from uninitialized memory or to cause a Denial of Service by passing in a large number, in setups where typed user input can be passed (e.g. from JSON). This module is not maintained. This issue affects Utile versions 0.0.8 and after.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

HackerOne

Advisory Timeline

Published Mar 04, 2017

Out-of-bounds Read in org.webjars.npm:utile

Cx61ff18e9-706e

Summary

CWE-125 - Out-of-Bounds Read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS