CVE-2025-3194

HIGH

bigint-buffer - Buffer Overflow in toBigIntLE()

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-3194. PoCs published by LoserLab.

AI-analyzed exploit summary This repository provides a detailed technical analysis and a safe, pure-JavaScript replacement for the vulnerable `bigint-buffer` package affected by CVE-2025-3194. It includes input validation to prevent buffer overflows and DoS attacks, along with comprehensive documentation and benchmarks.

Description

Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

Exploits (1)

nomisec WRITEUP 1 stars
by LoserLab · poc
https://github.com/LoserLab/bigint-buffer-safe

This repository provides a detailed technical analysis and a safe, pure-JavaScript replacement for the vulnerable `bigint-buffer` package affected by CVE-2025-3194. It includes input validation to prevent buffer overflows and DoS attacks, along with comprehensive documentation and benchmarks.

Classification
Writeup 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: bigint-buffer (versions up to 1.1.5)
No auth needed
Prerequisites: Presence of `bigint-buffer` in the dependency tree · Use of `@solana/web3.js` v1.x or related Solana ecosystem packages
devstral-2 · analyzed Mar 09, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0094
EPSS Percentile 76.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (2)
n/a/bigint-buffer 0.0.0
npm/bigint-buffer 0npm
Published Apr 04, 2025
Tracked Since Feb 18, 2026