CVE-2018-3739

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
References
Link Resource
https://hackerone.com/reports/319532 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:*:*:*:*:*:node.js:*:*

Information

Published : 2018-06-07 02:29

Updated : 2019-10-09 11:40


NVD link : CVE-2018-3739

Mitre link : CVE-2018-3739

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read