node-bitwise-xor

Memory Information Leak

Open FlorianWendelborn opened this issue 10 years ago • 0 comments

In this file there might be a bug that could lead to some random memory being dumped into the output buffer.

If you provide an integer as argument a or b to that function, it will create a new Buffer with the size of that integer. That buffer will not be filled with 0s, but with random data previously stored in memory. As far as I know that could in fact be some private information like private keys etc.

As this exploit would require somebody to allow this function to receive an integer argument, this may not happen in most cases, but in some edge cases it could definitely be an issue. I therefore suggest you check what a and b are before creating some buffers that might contain private information.

FlorianWendelborn, Oct 03 '15 20:10
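The argument check suggested in the issue above, as an added example (not node-bitwise-xor's own code): `toBytes` and `safeXor` are hypothetical names, and the zero-padding of the shorter input is an assumption about the intended behaviour. Anything that is not a string or a Buffer is rejected before any allocation, and the output comes from the zero-filling `Buffer.alloc`.

```javascript
'use strict';

// Hypothetical helper: turn one argument into bytes, refusing anything
// that the legacy `new Buffer(arg)` constructor would treat as a size.
function toBytes(arg, name) {
  if (Buffer.isBuffer(arg)) return arg;
  if (typeof arg === 'string') return Buffer.from(arg, 'utf8');
  // Numbers (and everything else) are rejected instead of being passed on:
  // `new Buffer(1024)` historically returned 1024 bytes of uninitialized memory.
  throw new TypeError(`${name} must be a string or Buffer, got ${typeof arg}`);
}

// Hypothetical hardened XOR. Assumption: the result is as long as the longer
// input and the shorter input is treated as zero-padded.
function safeXor(a, b) {
  const x = toBytes(a, 'a');
  const y = toBytes(b, 'b');
  const out = Buffer.alloc(Math.max(x.length, y.length)); // always zero-filled
  for (let i = 0; i < out.length; i++) {
    out[i] = (i < x.length ? x[i] : 0) ^ (i < y.length ? y[i] : 0);
  }
  return out;
}

// Runs the function over constructed sample inputs and reports what happened.
function demo() {
  const results = {
    ok: safeXor(Buffer.from([0xff, 0x0f]), Buffer.from([0x0f])).toString('hex'),
    text: safeXor('a', 'b').toString('hex'),
    rejected: [],
  };
  // Constructed "bad" arguments, as might arrive from parsed JSON.
  for (const bad of [1024, 1024.5, null, { length: 8 }]) {
    try {
      safeXor(bad, 'x');
      results.rejected.push(false);
    } catch (e) {
      results.rejected.push(e instanceof TypeError);
    }
  }
  return results;
}

console.log(demo());
```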