CVE-2021-39176

HIGH

Detect-character-encoding < 0.3.1 - Memory Leak

Title source: rule

Description

detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.

References (4)

[Patch, Third Party Advisory] https://github.com/sonicdoe/detect-character-encoding/commit/d44356927b92e3b13e178071bf6d7c671766f588

View Patch ZIP pw:eip

[Issue Tracking, Patch, Third Party Advisory] https://github.com/sonicdoe/detect-character-encoding/pull/6

[Third Party Advisory] https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.3.1

[Exploit, Patch, Third Party Advisory] https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-5rwj-j5m3-3chj

Scores

CVSS v3 7.5

EPSS 0.0062

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (2)

detect-character-encoding_project/detect-character-encoding < 0.3.1

npm/detect-character-encoding < 0.3.1npm

Timeline

Published Aug 31, 2021

Tracked Since Feb 18, 2026