bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function

Description

Versions of the package bigint-buffer from 0.0.0 to 1.1.5 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.5

References

• GHSA-3gc7-fjrx-p6mg
• security.snyk.io
• www.usenix.org
• CVE-2025-3194
• CWE-120
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule - CVE-2025-67750
• Finance.js vulnerable to DoS via the IRR function’s depth parameter - CVE-2025-56571
• `vega-functions` vulnerable to Cross-site Scripting via `setdata` function - CVE-2025-66648
• React Editable Json Tree vulnerable to arbitrary code execution via function parsing - CVE-2022-36010

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

bigint-buffer