Description

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.

Remediation

References

https://snyk.io/vuln/SNYK-JS-FASTSTRINGSEARCH-2392367

Related Vulnerabilities

CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-java

CVE-2021-23374 Vulnerability in npm package ps-visitor

CVE-2023-27162 Vulnerability in maven package org.openapitools:openapi-generator-project

CVE-2021-45105 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2018-1000632 Vulnerability in maven package dom4j:dom4j

Severity

High

Classification

CWE-682 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Exploit Third Party Advisory