Vulnerability Details CVE-2022-25872
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/magiclen/node-fast-string-search/blob/c8dd9fc966abc80b327f509e63360f59e0de9fb5/src/fast-string-search.c%23L192
- https://snyk.io/vuln/SNYK-JS-FASTSTRINGSEARCH-2392368
- https://github.com/magiclen/node-fast-string-search/blob/c8dd9fc966abc80b327f509e63360f59e0de9fb5/src/fast-string-search.c%23L192
- https://snyk.io/vuln/SNYK-JS-FASTSTRINGSEARCH-2392368
Products affected by CVE-2022-25872
-
cpe:2.3:a:fast_string_search_project:fast_string_search:-
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.2.0
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.2.1
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.3.0
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.4.0
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.4.1
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.4.2
-
cpe:2.3:a:fast_string_search_project:fast_string_search:1.4.3