CVE-2023-26109: Snyk Vulnerability Database | Snyk

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

  • Snyk ID SNYK-JS-NODEBLUETOOTHSERIALPORT-3311820
  • published 8 Mar 2023
  • disclosed 6 Feb 2023
  • credit Raoul Scholtes, Giancarlo Pellegrino, Cris Staicu

How to fix?

There is no fixed version for node-bluetooth-serial-port.

Overview

Affected versions of this package are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

PoC

const BluetoothSerialPort = require("node-bluetooth-serial-port")
const serial = new BluetoothSerialPort.BluetoothSerialPort()

serial.findSerialPortChannel("INSERT A VERY LONG STRING HERE INSTEAD OF THIS LINE", () => console.log("success"), () => console.log("error"))
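
Because no fixed version exists, one mitigation is to validate the address in JavaScript before it reaches the native method. The following is an added example, not code from Snyk or from the node-bluetooth-serial-port project; the wrapper names are hypothetical, and it assumes callers pass addresses in the canonical 17-character colon-separated form.

```javascript
// Canonical textual Bluetooth device address: six hex octets separated by
// colons, always exactly 17 characters (assumption: callers use this form).
const BD_ADDR_RE = /^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$/;

// Returns the address unchanged if it is safe to forward, otherwise null.
function validateBluetoothAddress(input) {
  if (typeof input !== "string") return null; // reject Buffers, arrays, objects
  if (input.length !== 17) return null;       // length gate before any parsing
  if (!BD_ADDR_RE.test(input)) return null;   // only hex octets and colons
  return input;
}

// Hypothetical wrapper. `serial` is any object exposing
// findSerialPortChannel(address, onFound, onError), as used in the PoC above.
function guardedFindSerialPortChannel(serial, address, onFound, onError) {
  const safe = validateBluetoothAddress(address);
  if (safe === null) {
    // Fail closed: the native method is never called with unchecked input.
    onError(new Error("rejected: not a 17-character Bluetooth address"));
    return false;
  }
  serial.findSerialPortChannel(safe, onFound, onError);
  return true;
}

// Constructed usage with a stub in place of the native binding, so the
// example runs without Bluetooth hardware or the package installed.
const stubSerial = {
  findSerialPortChannel(address, onFound) { onFound(1); },
};
guardedFindSerialPortChannel(
  stubSerial,
  "00:1A:7D:DA:71:13", // constructed sample address
  (channel) => console.log("forwarded, channel", channel),
  (err) => console.log("blocked:", err.message)
);
```

Route every call site through the wrapper, including any that take the address from network input, configuration files or device discovery results.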

Related news

GHSA-9jh3-4pc9-hq29: node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
