Incorrect Calculation

CVE-2022-22138

High

7.5/10

Summary

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-682 - Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References

Advisory

Advisory Timeline

Published Jun 17, 2022

Incorrect Calculation

CVE-2022-22138

Summary

CWE-682 - Incorrect Calculation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS