CVE-2020-7689
MEDIUMnode.bcrypt.js < 5.0.0 - Integer Overflow in Data Length Handling
Title source: llmDescription
Data is truncated wrong when its length is greater than 255 bytes.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-BCRYPT-572911
Third Party Advisory x_refsource_misc
https://github.com/kelektiv/node.bcrypt.js/issues/776
Patch, Third Party Advisory x_refsource_misc
https://github.com/kelektiv/node.bcrypt.js/pull/806
Patch, Third Party Advisory x_refsource_misc
https://github.com/kelektiv/node.bcrypt.js/pull/807
Scores
CVSS v3
5.9
EPSS
0.0078
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-190
CWE-327
Status
published
Products (2)
node.bcrypt.js_project/node.bcrypt.js
< 5.0.0
npm/bcrypt
0 - 5.0.0npm
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026