All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.
References
Link | Resource |
---|---|
https://github.com/justmoon/node-bignum/blob/ef2e02533e598d6df8421000033c4753cde89ee2/index.js%23L111 | Broken Link Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-BIGNUM-2388581 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2022-05-06T00:00:00
Updated: 2022-05-06T20:00:13
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25324
NVD Information
Status: Analyzed
Published: 2022-05-06T20:15:07.937
Modified: 2022-05-17T16:42:34.577
Link: CVE-2022-25324
Redhat Information
No data.
CWE