CVE-2022-21164
LOWnode-lmdb < 0.9.7 - Denial of Service via Non-Invokable ToString Value
Title source: llmDescription
The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-NODELMDB-2400723
Patch, Third Party Advisory x_refsource_misc
https://github.com/Venemo/node-lmdb/commit/97760104c0fd311206b88aecd91fa1f59fe2b85a
Scores
CVSS v3
3.7
EPSS
0.0033
EPSS Percentile
56.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
Status
published
Products (2)
node-lmdb_project/node-lmdb
< 0.9.7
npm/node-lmdb
0 - 0.9.7npm
Published
Mar 16, 2022
Tracked Since
Feb 18, 2026