bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function

Description

Versions of the package bigint-buffer from 0.0.0 to 1.1.5 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.5

References

• GHSA-3gc7-fjrx-p6mg
• security.snyk.io
• www.usenix.org
• CVE-2025-3194
• CWE-120
• CAPEC-310
• OWASP 2021-A6

Related Issues

• `vega-functions` vulnerable to Cross-site Scripting via `setdata` function - CVE-2025-66648
• Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule - CVE-2025-67750
• Finance.js vulnerable to DoS via the IRR function’s depth parameter - CVE-2025-56571
• mockjs vulnerable to Prototype Pollution via the Util.extend function - CVE-2023-26158

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

bigint-buffer