From 60d596f85d58aa896c140f922f9f57e5cbbc8220 Mon Sep 17 00:00:00 2001 From: Adaline Valentina Simonian Date: Sat, 14 Mar 2026 22:08:51 +0100 Subject: [PATCH] Improve GHSA-gmq8-994r-jv83 --- .../03/GHSA-gmq8-994r-jv83/GHSA-gmq8-994r-jv83.json | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/advisories/github-reviewed/2026/03/GHSA-gmq8-994r-jv83/GHSA-gmq8-994r-jv83.json b/advisories/github-reviewed/2026/03/GHSA-gmq8-994r-jv83/GHSA-gmq8-994r-jv83.json index 2f2baf7854871..88668c0acfb76 100644 --- a/advisories/github-reviewed/2026/03/GHSA-gmq8-994r-jv83/GHSA-gmq8-994r-jv83.json +++ b/advisories/github-reviewed/2026/03/GHSA-gmq8-994r-jv83/GHSA-gmq8-994r-jv83.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-gmq8-994r-jv83", - "modified": "2026-03-13T18:58:11Z", + "modified": "2026-03-13T18:58:14Z", "published": "2026-03-12T00:31:17Z", "aliases": [ "CVE-2026-31988" @@ -9,10 +9,6 @@ "summary": "yauzl contains an off-by-one error", "details": "yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" - }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" @@ -29,13 +25,16 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "3.2.0" }, { "fixed": "3.2.1" } ] } + ], + "versions": [ + "3.2.0" ] } ],