SNYK-JS-BIGINTBUFFER-3364597

SNYK-JS-BIGINTBUFFER-3364597 PUBLISHED CVSS 8.699999809265137 HIGH

## Overview [bigint-buffer](https://www.npmjs.com/package/bigint-buffer) is a Node utility that converts TC39 Proposed BigInts to and from buffers Affected versions of this package are vulnerable to Buffer Overflow in the `toBigIntLE()` function. Attackers can exploit this to crash the application. ## PoC ```js let be = require('bigint-buffer'); console.log(be.toBigIntLE(null)); ``` ## Remediation There is no fixed version for `bigint-buffer`. ## References - [Native Node Extension Risks](https://www.usenix.org/system/files/sec23fall-prepub-262_staicu.pdf) - [Vulnerable Code](https://github.com/no2chem/bigint-buffer/blob/master/src/index.ts#L25)

Risk Scores

CVSS v3.1

8.699999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

Affected Products

Vendor	Product	Versions
		0.0.0

Timeline

Mar 20, 2023 CVE Updated
Apr 3, 2025 CVE Published

References

https://security.snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 advisory
https://www.npmjs.com/package/bigint-buffer vendor
https://www.usenix.org/system/files/sec23fall-prepub-262_staicu.pdf technical
https://github.com/no2chem/bigint-buffer/blob/master/src/index.ts#L25 technical

Open in Interactive Console →