Improper Handling of Unexpected Data Type

CVE-2022-21164

High

7.5/10

Summary

The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-241 - Improper Handling of Unexpected Data Type

The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

References

Advisory

Advisory Timeline

Published Mar 16, 2022

Improper Handling of Unexpected Data Type

CVE-2022-21164

Summary

CWE-241 - Improper Handling of Unexpected Data Type

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS