[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#969348: buster-pu: package node-bl/1.1.2-1+deb10u1



Control: tags -1 + confirmed

On Mon, 2020-08-31 at 21:09 +0200, Xavier Guimard wrote:
> node-bl is vunerable to CVE-2020-8244 (#969309): A buffer over-read
> vulnerability exists which could allow an attacker to supply user
> input (even typed) that if it ends up in consume() argument and can
> become negative, the BufferList state can be corrupted, tricking it
> into exposing uninitialized memory via regular .slice() calls.
> 

Please go ahead.

Regards,

Adam


Reply to: